Cross-Side Scripting Demystified

What is cross-side scripting? It’s time to define this often-misused term to help the community understand the practice and risks associated with cross-side scripting:

Cross-side scripting (XSS) is the practice of writing across the side of an object.

It really is that deceptively simple. The side can belong to any object, such as paper, computer monitor, Rubik’s Cube, truck and house. Purists insist that XSS writing be placed diagonally across the object’s side. However, modern XSS practices often incorporate writing that is horizontal with respect to the object’s X-axis.

Some of the risks of cross-side scripting include:

  • Defacement of the object’s surface without the owner’s consent. In this respect, XSS is sometimes compared to graffiti.
  • Wear and tear of the writing instrument, particularly when XSS takes place without regard for the instrument’s durability specifications.
  • Gradual strain injury of the person engaged in frequent XSS practices. (Similar to repetitive strain injury.)

The most effective way of resisting cross-side scripting attacks involves avoiding the use of objects that have sides—for instance, employing a spherical structure in the building’s architecture instead of a parallelepiped. Another risk mitigation strategy involves coating the object’s sides with writing-resistant materials, such as those that follow the ASTM D6578 - 08 standard.

Cross-side scripting is sometimes confused with cross-eyed scripting and cross-site scripting. The description of these terms is outside the scope of this note.

If you found this cross-side scripting definition useful, you might also like my 10-Step Guide to Hacking Logs.

Lenny Zeltser


About the Author

Lenny Zeltser develops products and programs that use security to achieve business results. He is the CISO at Axonius and Faculty Fellow at SANS Institute. Lenny has been leading efforts to establish resilient security practices and solve hard security problems for over two decades. A respected author and practitioner, he has been advancing tradecraft and contributing to the community. His insights build upon real-world experience, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.
