Cross-Side Scripting Demystified

What is cross-side scripting? It’s time to define this often-misused term to help the community understand the practice and risks associated with cross-side scripting:

Cross-side scripting (XSS) is the practice of writing across the side of an object.

It really is that deceptively simple. The side can belong to any object, such as paper, computer monitor, Rubik’s Cube, truck and house. Purists insist that XSS writing be placed diagonally across the object’s side. However, modern XSS practices often incorporate writing that is horizontal with respect to the object’s X-axis.

Some of the risks of cross-side scripting include:

  • Defacement of the object’s surface without the owner’s consent. In this respect, XSS is sometimes compared to graffiti.
  • Wear and tear of the writing instrument, particularly when XSS takes place without regard for the instrument’s durability specifications
  • Gradual strain injury of the person engaged in frequent XSS practices. (Similar to repetitive strain injury.)

The most effective way of resisting cross-side scripting attacks involves avoiding the use of objects that have sides—for instance, employing a spherical structure in the building’s architecture instead of a parallelepiped. Another risk mitigation strategy involves coating the object’s sides with writing-resistant materials, such as those that follow the ASTM D6578 - 08 standard.

Cross-side scripting is sometimes confused with of cross-eyed scripting and cross-site scripting. The description of these terms is outside the scope of this note.

If you found this cross-side scripting definition useful, you might also like my 10-Step Guide to Hacking Logs.

Lenny Zeltser

Updated

About the Author

I transform ideas into successful outcomes, building on my 25 years of experience in cybersecurity. As the CISO at Axonius, I lead the security program to earn customers' trust. I'm also a Faculty Fellow at SANS Institute, where I author and deliver training for incident responders. The diversity of cybersecurity roles I've held over the years and the accumulated expertise, allow me to create practical solutions that drive business growth.

Learn more