Keep 'Em Separated
Keep malicious code out of your web app
In the first installment of his series on web app security and validating input, Stephen Enright showed some surprisingly effective attacks that could be carried out by sending SQL statements in HTML form values. But of course, the server is only one half of the security story. The browser also offers opportunities for mischief.
In the Feature Article, Handling Java Web Application Input, Part 2, he takes a look at cross-site scripting, which covers a variety of attacks that inject code from an external source into a page served to the browser, often using the