Cross Site Scripting or XSS (also known as cross domain scripting, cross domain JavaScript or cross server scripting) and Click Jacking are the most important types of threats you may face during web browsing. Let us see how you can prevent malicious JavaScript from running on sites you visit.
Click-jacking deceives you into clicking on content from another website without your knowledge. When you click on the malicious page, you are actually clicking on something else. Cross-site scripting attacks (XSS attacks) try to exploit vulnerabilities in the websites you use. Cross-site scripting enables attackers to inject client-side script into web pages viewed by other users. The malicious script is usually JavaScript, but any scripting language supported by the browser is a potential target for this attack.
Prevent malicious JavaScript from running on sites you visit
Internet Explorer 8 offers this protection right out of the box, turned on by default. Internet Explorer 8 includes a cross-site scripting filter that can detect these types of attacks and disable the harmful scripts. Its defence against cross-site scripting (XSS) attacks is probably one of the most important improvements in IE 8.
All the XSS filtering takes place inside IE’s rendering engine. When IE detects an attack, it refuses to execute the related script code and alerts the user that an attack has been blocked.
If you are using Firefox, you can enable protection against Cross Site Scripting (XSS) and Click-jacking with the excellent add-on NoScript 2.0.3. As mentioned in Mozilla, “It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, guarding your “trust boundaries” against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology.”
You can download NoScript from here. The add-on will display on your status bar. It gives you options to allow or disallow scripts. See below.
This add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice. You can also add sites to the white-list, as seen in the screenshot below.
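The white-list idea described above, sketched as an added example (this is not NoScript's own code): a script may run only when its host is on a list of trusted domains you chose, and everything else is denied by default. The function names and all host names are constructed for illustration.

```javascript
// Added illustration of a default-deny script white-list; not NoScript's code.
// Every host name below is a constructed sample value.

// Lower-case the host and strip one trailing dot so comparisons are stable.
function normalizeHost(host) {
  return host.toLowerCase().replace(/\.$/, "");
}

// True when `host` is a white-listed domain or a subdomain of one.
// Matching is on whole DNS labels, so "evil-mybank.example" and
// "mybank.example.attacker.test" do not match "mybank.example".
function isTrustedHost(host, whiteList) {
  const h = normalizeHost(host);
  return whiteList.some((entry) => {
    const d = normalizeHost(entry);
    return h === d || h.endsWith("." + d);
  });
}

// Sort the script URLs found on a page into allowed and blocked.
// Default deny: unparsable URLs and non-http(s) schemes are blocked.
function filterScripts(scriptUrls, pageUrl, whiteList) {
  const allowed = [];
  const blocked = [];
  for (const src of scriptUrls) {
    let url;
    try {
      url = new URL(src, pageUrl); // resolves a relative src against the page
    } catch {
      blocked.push(src);
      continue;
    }
    const okScheme = url.protocol === "https:" || url.protocol === "http:";
    if (okScheme && isTrustedHost(url.hostname, whiteList)) allowed.push(url.href);
    else blocked.push(url.href);
  }
  return { allowed, blocked };
}

// Constructed sample input: one trusted domain and a mix of script sources.
const SAMPLE_WHITELIST = ["mybank.example"];
const SAMPLE_PAGE = "https://www.mybank.example/login";
const SAMPLE_SCRIPTS = [
  "/js/app.js",                                // same site, relative URL
  "https://cdn.mybank.example/lib.js",         // subdomain of a trusted domain
  "https://mybank.example.attacker.test/x.js", // trusted name used as a prefix
  "https://evil-mybank.example/x.js",          // look-alike, not a subdomain
  "data:text/javascript,0",                    // no host at all
];
console.log(filterScripts(SAMPLE_SCRIPTS, SAMPLE_PAGE, SAMPLE_WHITELIST));
```

The look-alike hosts are blocked because the comparison requires a full label boundary (a leading dot) rather than a plain substring or suffix match.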