"Cross Site Scripting" ¤Îά¡£·Ç¼¨ÈÄ¤Ê¤É¤Ç HTML ¥³¡¼¥É¤òŬÀڤ˥¨¥¹¥±¡¼¥×¤·¤Æ¤¤¤Ê¤¤¾ì¹ç¤ËȯÀ¸¤¹¤ëÀȼåÀ­¡£°­°Õ¤Î¤¢¤ë JavaScript ¥³¡¼¥É¤ò´Þ¤à¥á¥Ã¥»¡¼¥¸¤òÀȼåÀ­¤ò»ý¤Ä¥µ¥¤¥È¤ËÅê¹Æ¤¹¤ë¤è¤¦¤Ê¥ê¥ó¥¯¤òÀßÃÖ¤·¤Æ¤ª¤¯¤³¤È¤Ç¡¢¤½¤ì¤ò¥¯¥ê¥Ã¥¯¤·¤¿¥æ¡¼¥¶¡¼¤Î Cookie ¤Ê¤É¤òÅð¤ß½Ð¤¹¤³¤È¤¬¤Ç¤­¤ë¡£¤³¤Î¥ê¥ó¥¯¤ÏÀȼåÀ­¤ò»ý¤Ã¤¿¥µ¥¤¥È¤È¤ÏÊ̤ξì½ê¤Ë¤¢¤Ã¤Æ¤â¤è¤¯¡¢¤³¤ì¤¬¡ÖCross Site¡×¤È¤¤¤¦Ì¾Á°¤Î½ê°Ê¡£¤¿¤È¤¨¥æ¡¼¥¶¡¼Ç§¾Ú¤Ê¤É¤ò¤·¤Æ¤¤¤Æ¤â CSRF ¤È¤ÎÁȤ߹ç¤ï¤»¤Ç¹¶·â¤¬À®Î©¤¹¤ë¾ì¹ç¤¬¤¢¤ë¤Î¤ÇÍ×Ãí°Õ¡£ Web ¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÇºÇ¤â¤è¤¯¸«¤é¤ì¤ëÀȼåÀ­¤Î¤Ò¤È¤Ä¡£

¥­¡¼¥ï¡¼¥É

• JavaScript
• Cookie
• CSRF

»²¹Í

• ¥¯¥í¥¹¥µ¥¤¥È¥¹¥¯¥ê¥×¥Æ¥£¥ó¥°Âкö¤Î´ðËÜ
• ¥¯¥í¥¹¥µ¥¤¥È¡¦¥¹¥¯¥ê¥×¥Æ¥£¥ó¥°
• ¡ÖXSSÀȼåÀ­¤Ï´í¸±¡¤Cookie¤òÅð¤Þ¤ì¤ë¤À¤±¤Ç¤ÏºÑ¤Þ¤Ê¤¤¡×ÀìÌç²È¤¬Ãí°Õ´­µ¯
• ÀȼåÀ­¤òÍøÍѤ·¤¿¹¶·â¼êË¡¡Ê5¡Ë --- ¥¯¥í¥¹¥µ¥¤¥È¡¦¥¹¥¯¥ê¥×¥Æ¥£¥ó¥°¡ÊÁ°ÊÔ¡Ë