Silverlight: Avoiding Cross-Site Scripting Attacks

Last Updated on Thursday, 23 August 2012 03:20 Written by Andrew Ivanov Monday, 27 August 2012 12:00

Cross-site scripting (XSS) describes a vulnerability typically found in Web applications. If steps are not taken to prevent this type of vulnerability, an attacker can inject code (typically JavaScript) into Web pages hosted on different domains. For more information about XSS and other kinds of client vulnerabilities, see Client-side Cross-domain Security. For Silverlight, XSS issues are possible, but less likely than in traditional HTML development. However, an exploited cross-site scripting vulnerability can give the attacker access to any cookies, isolated storage, and authentication data that the browser would normally only give to a legitimate client.

In Silverlight, XSS issues typically occur when attacker-controlled strings are inserted into markup without first validating or escaping the attacker-controlled string.