Prevent XSS

Which parts of JavaScript make XSS a security problem?

Can we simply override document.cookie to prevent it being stolen?

Thanks,

I don’t think you’re going to have much success fighting XSS attacks from JavaScript. There are definitely some things you can do depending on the situation and what you’re trying to protect against, but there’s no simple answer. You should probably spend most of your time trying to prevent the XSS in the first place. It’s hard to prevent something you don’t understand, so take a look at some attack vectors to get a better understanding of some of the ways it’s done: http://ha.ckers.org/xss.html

As far as cookies go, read up on the HttpOnly flag: http://www.owasp.org/index.php/HttpOnly