On the 16th of January, 2000, the following names were suggested and bounced around among a small group of Microsoft security engineers:
Unauthorized Site Scripting
Unofficial Site Scripting
URL Parameter Script Insertion
Cross Site Scripting
Synthesized Scripting
Fraudulent Scripting
The next day there was consensus – Cross Site Scripting. In retrospect, I think this was a good choice given the options on the table.
By early February there was a coordinated advisory release with CERT:
<www.cert.org/advisories/CA-2000-02.html>
The research leading up to the disclosure dates to mid-December 1999 – exactly ten years ago.
Over the years, the definition of Cross-Site Scripting has expanded somewhat. What we once referred to as simply “Cross Site Scripting” might now be classified as the reflected / non-persistent form of the attack.
Let's hope that ten years from now we'll be celebrating the death, not the birth, of Cross-Site Scripting!