So, recently i encountered an application which was really secure against XSS.
How many issues can one parameter suffer from:
1. Open redirection
2. Session ID in the URL
3. Session Hijacking by combining 1 and 2
Oh but, really safe against XSS!
Head Office: CB1 Business Centre, Twenty Station Road, Cambridge, CB1 2JD, UK
Registered Office: 75 Springfield Road, Chelmsford, Essex, CM2 6JB, UK
Telephone: +44 1223 653193
Office hours are UK 08:00 – 17:30
Monday – Friday, except bank UK holidays