Cross-site scripting (‘XSS’ or ‘CSS’) attacks exploit vulnerabilities in dynamically generated web pages that enable attackers to inject client-side script into web pages viewed by other users.

Insecure Code

  • The insecure code snippet queries a database for an employee ID without a proper input validation mechanism and prints the employee name

Secure Code

  • The secure code snippet uses input validation and output encoding to prevent attackers from executing any malicious scripts
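
The contrast described under the two headings above, as an added example that is not the page's original code. It assumes Python with an in-memory SQLite database; the table `employees`, the function names, the ID format and the sample rows are all constructed for illustration.

```python
import html
import re
import sqlite3

def make_db():
    # Constructed sample data: the second name holds stored script markup.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employees (id TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO employees VALUES (?, ?)",
                   [("1001", "Alice Example"),
                    ("1002", "<script>alert(1)</script>")])
    return db

def lookup(db, eid):
    # Parameterized query; returns the stored name or None.
    row = db.execute("SELECT name FROM employees WHERE id = ?", (eid,)).fetchone()
    return row[0] if row else None

def render_insecure(db, eid):
    # No validation of eid and no encoding of either value:
    # both the request parameter and the stored name reach the page as markup.
    name = lookup(db, eid)
    return f"<p>Employee ID: {eid}</p><p>Employee Name: {name}</p>"

EID_PATTERN = re.compile(r"[0-9]{1,10}")  # assumed ID format: 1 to 10 digits

def render_secure(db, eid):
    # Input validation: reject anything that is not a well-formed ID.
    if not EID_PATTERN.fullmatch(eid):
        return "<p>Invalid employee ID.</p>"
    name = lookup(db, eid)
    if name is None:
        return "<p>Employee not found.</p>"
    # Output encoding: HTML-escape every value written into the page,
    # including data that came from the database.
    return (f"<p>Employee ID: {html.escape(eid)}</p>"
            f"<p>Employee Name: {html.escape(name)}</p>")

if __name__ == "__main__":
    db = make_db()
    for eid in ("1002", "<img src=x onerror=alert(1)>"):
        print("insecure:", render_insecure(db, eid))
        print("secure:  ", render_secure(db, eid))
```

Validation alone stops the malformed ID, but only the output encoding neutralizes the markup already stored in the name column, which is why the secure version applies both.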