Cross-site scripting considerations

When developing your web application, ensure that it is not vulnerable to cross-site scripting (XSS). This type of vulnerability occurs when an attacker is able to inject a script into your web page.

It is highly recommended that application developers and database administrators review their web application code for possible security vulnerabilities before it is put into production. The Open Web Application Security Project (https://www.owasp.org) provides more information about how to secure your web application.

Here is an example of a cross-site scripting vulnerability. If your web application supports page redirection, it should validate the URL before a redirect is performed. For example, if your web application supports a login function that returns the user to the original page, it should check that the page to which the user is being redirected does not take the user off-site. The following is an example of a malicious redirect.

https://www.mysite.com/login?referer=http://www.badsite.com/index.html
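
The check described above, as an added example that is not part of the SQL Anywhere documentation. The logic is shown in Python, and the same rules apply in whatever language the web service is written in. The host `www.mysite.com` and the `referer` parameter come from the URL above; the function names and the `/` fallback are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "www.mysite.com"  # host taken from the page's example URL
DEFAULT_TARGET = "/"          # assumed fallback page for rejected targets

def safe_redirect_target(target, site_host=SITE_HOST, default=DEFAULT_TARGET):
    """Return an on-site path for the redirect, or `default` if target is unsafe."""
    if not target:
        return default
    # Backslashes and control characters are parsed inconsistently by browsers
    # and can smuggle a host or extra response headers; reject them up front.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return default
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: accept only http(s) to our own host.
        # This also rejects javascript: and data: targets.
        if parts.scheme not in ("http", "https") or host != site_host.lower():
            return default
    path = parts.path or "/"
    # A path that is relative or starts with "//" could leave the site again.
    if not path.startswith("/") or path.startswith("//"):
        return default
    # Rebuild from parsed pieces so only path and query reach the Location header.
    return path + ("?" + parts.query if parts.query else "")

def login_redirect(login_url):
    """Extract the referer parameter from a login URL and validate it."""
    query = parse_qs(urlsplit(login_url).query)
    return safe_redirect_target(query.get("referer", [""])[0])

if __name__ == "__main__":
    # Constructed inputs; the first is the malicious URL shown on this page.
    for url in (
        "https://www.mysite.com/login?referer=http://www.badsite.com/index.html",
        "https://www.mysite.com/login?referer=/orders/view%3Fid%3D7",
        "https://www.mysite.com/login?referer=//www.badsite.com/",
    ):
        print(url, "->", login_redirect(url))
```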