XSS

NVelocity and XSS | Blinded by the lights

NVelocity is a view engine for MonoRail. It’s quite handy, and it’s not difficult to deliver such views. One of the flaws I can name is its security issues. By default, there’s not much support for security. For instance, it’s possible to perform XSS (cross-site scripting) attacks by providing XHTML or JavaScript code. I…