When developing your web application, you should ensure that it is not vulnerable to cross-site scripting (XSS). This type of vulnerability occurs when an attacker is able to inject a script into your web page.
It is highly recommended that application developers and database administrators review their web application code for possible security vulnerabilities before it is put into production. The Open Web Application Security Project (https://www.owasp.org) contains more information about how to secure your web application.
Here is an example of a cross-site scripting vulnerability. If your web application supports page redirection, it should validate the URL before a redirect is performed. For example, if your web application supports a login function that returns the user to the original page, it should check that the page to which the user is being redirected does not take the user off-site. The following is an example of a malicious redirect.
https://www.mysite.com/login?referer=http://www.badsite.com/index.html
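One way to perform the check described above, shown as an added example that is not part of the original documentation or of SQL Anywhere. The function names and the fallback page "/" are assumptions; the host and the referer parameter come from the example URL. The example also rejects scheme-relative and user@host forms, which go beyond the single case shown above.

```python
from urllib.parse import urlsplit, parse_qs

ALLOWED_HOST = "www.mysite.com"  # the site from the page's example URL
DEFAULT_TARGET = "/"             # assumed fallback page (not from the page)


def safe_redirect_target(target, allowed_host=ALLOWED_HOST):
    """Return target if it keeps the user on allowed_host, else the fallback."""
    if not target or target != target.strip():
        return DEFAULT_TARGET
    # Browsers treat "\" like "/" and drop tabs/newlines, so reject both.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return DEFAULT_TARGET
    try:
        parts = urlsplit(target)
        host = parts.hostname
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:  # malformed authority, e.g. an unbalanced "["
        return DEFAULT_TARGET
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a path rooted at "/" (not "//host").
        if target.startswith("/") and not target.startswith("//"):
            return target
        return DEFAULT_TARGET
    # Absolute URL: http(s) only, no "user@" prefix, exact host match.
    if parts.scheme not in ("http", "https") or has_userinfo:
        return DEFAULT_TARGET
    if host != allowed_host.lower():
        return DEFAULT_TARGET
    return target


def login_redirect(request_url, param="referer"):
    """Extract the redirect parameter from a login URL and validate it."""
    values = parse_qs(urlsplit(request_url).query).get(param, [])
    return safe_redirect_target(values[0] if values else "")


if __name__ == "__main__":
    # Constructed sample requests; the first is the page's malicious example.
    for url in (
        "https://www.mysite.com/login?referer=http://www.badsite.com/index.html",
        "https://www.mysite.com/login?referer=/account/orders",
        "https://www.mysite.com/login?referer=//www.badsite.com/index.html",
    ):
        print(url, "->", login_redirect(url))
```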
Copyright © 2014, SAP AG or an SAP affiliate company. - SAP Sybase SQL Anywhere 16.0