Cross-Site Scripting Phishing Through Frames [closed]

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center. 开发者_运维知识库 Closed 12 years ago.

how we can protect Cross-Site Scripting Phishing Through Frames.

---

Have your users come to you directly, NOT through an intermediary. Use a valid SSL certificate so they can know they are truly at your web site. Have a recognizable name.

Require a valid, unpredictable key to allow making changes via your site. In other words, use a session in conjunction with an unpredictable nonce before users can make changes.

To protect yourself from being used to attack other sites, do not allow your users to post HTML content that will be displayed, without escaping, to other users.