Cross-Side Scripting Demystified

What is cross-side scripting? It’s time to define this often-misused term to help the community understand the practice and risks associated with cross-side scripting:

Cross-side scripting (XSS) is the practice of writing across the side of an object.

It really is that deceptively simple. The side can belong to any object, such as paper, computer monitor, Rubik’s Cube, truck and house. Purists insist that XSS writing be placed diagonally across the object’s side. However, modern XSS practices often incorporate writing that is horizontal with respect to the object’s X-axis.

Some of the risks of cross-side scripting include:

  • Defacement of the object’s surface without the owner’s consent. In this respect, XSS is sometimes compared to graffiti.
  • Wear and tear of the writing instrument, particularly when XSS takes place without regard for the instrument’s durability specifications
  • Gradual strain injury of the person engaged in frequent XSS practices. (Similar to repetitive strain injury.)

The most effective way of resisting cross-side scripting attacks involves avoiding the use of objects that have sides—for instance, employing a spherical structure in the building’s architecture instead of a parallelepiped. Another risk mitigation strategy involves coating the object’s sides with writing-resistant materials, such as those that follow the ASTM D6578 – 08 standard.

Cross-side scripting is sometimes confused with of cross-eyed scripting and cross-site scripting. The description of these terms is outside the scope of this note.

If you found this cross-side scripting definition useful, you might also like my 10-Step Guide to Hacking Logs.

Lenny Zeltser

Updated

About the Author

Lenny Zeltser develops teams, products, and programs that use information security to achieve business results. Over the past two decades, Lenny has been leading efforts to establish resilient security practices and solve hard security problems. As a respected author and speaker, he has been advancing cybersecurity tradecraft and contributing to the community. His insights build upon 20 years of real-world experiences, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.

Learn more