How Cross-site Scripting Attacks Work

The following figure shows an example of what can happen when you return data to a user. In this case, the Web site displays a personalized greeting, "Hello Blake." (This same problem can also occur, for example, when a user enters a search string to find a product or other content on your site.) After viewing the personalized content, the attacker decides to test the security of your site by adding a script to the URL, to determine whether your site will execute it.

In this sample, the script is executed, and now all users will be redirected to the attacker's Web site, www.<the attacker's server>.com. When users enter the attacker's Web site, the attacker can gather their profile data.

[Figure: a personalized greeting page reflecting a URL parameter, and the same page after an attacker adds a script to the URL]
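The greeting page in the figure reflects a value from the URL straight back into the HTML, which is what lets the attacker's script run. The following JavaScript is an added example written for this page, not code from the Commerce Server documentation or product: it builds the "Hello Blake" greeting the vulnerable way and the output-encoded way, and includes a small check a test suite can use to confirm that reflected input no longer arrives as active content. The URL shape, the `name` parameter, the `<p>` template and the sample requests are assumptions made for the example.

```javascript
// Added example (not from the original documentation): the "Hello <name>"
// greeting page, rendered unsafely and safely. URL shape, parameter name and
// markup template are assumed for illustration.

// Minimal HTML entity encoder for text placed inside an element body.
// Encodes the five characters that can change HTML or attribute context.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Reads the "name" query parameter the greeting page would receive.
function nameFromUrl(url) {
  return new URL(url).searchParams.get("name") ?? "";
}

// Vulnerable: the parameter is concatenated into the page as raw HTML,
// so whatever was placed in the URL becomes part of the document.
function renderGreetingUnsafe(url) {
  return "<p>Hello " + nameFromUrl(url) + ".</p>";
}

// Fixed: the same value is output-encoded, so the browser shows it as text
// instead of interpreting it as markup or script.
function renderGreetingSafe(url) {
  return "<p>Hello " + escapeHtml(nameFromUrl(url)) + ".</p>";
}

// Detection aid for a test suite: does the rendered HTML contain a script
// element or an inline event-handler attribute that the template never had?
function containsActiveContent(html) {
  return /<script\b|\bon\w+\s*=/i.test(html);
}

// Constructed sample requests (not real sites or URLs).
const normalRequest = "https://shop.example/greet?name=Blake";
const hostileRequest =
  "https://shop.example/greet?name=" +
  encodeURIComponent('<script>alert("xss")</script>');

console.log("unsafe:", renderGreetingUnsafe(hostileRequest));
console.log("safe:  ", renderGreetingSafe(hostileRequest));
console.log("unsafe has active content:",
  containsActiveContent(renderGreetingUnsafe(hostileRequest)));
console.log("safe has active content:  ",
  containsActiveContent(renderGreetingSafe(hostileRequest)));
```

Encoding at the point of output is the fix the figure calls for; the `containsActiveContent` check is only a regression guard for tests, not a substitute for encoding every reflected value, because attribute and script contexts need their own encoders.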

This attack can be used against computers behind firewalls. Many corporate local area networks (LANs) are configured such that client computers trust servers on the LAN but do not trust servers on the outside Internet. However, a server outside a firewall can fool a client inside the firewall into believing a trusted server inside the firewall has asked the client to execute a program. All the attacker needs is the name of a Web server inside the firewall that does not check fields in forms for special characters. This is not trivial to determine unless the attacker has inside knowledge, but it is possible.

For more information about cross-site scripting issues, see the article "Cross-Site Scripting Overview" at https://go.microsoft.com/fwlink/?LinkId=6717.

Copyright © 2005 Microsoft Corporation.
All rights reserved.