websecurity@lists.webappsec.org

The Web Security Mailing List


Methods of protection against XSS

MustLive
Sun, Dec 30, 2012 9:55 PM

Hello participants of Mailing List.

This week I've written two new articles. So I'll tell you briefly about my
latest publications about methods of protection against XSS. This topic should
be interesting for you (especially for those who haven't read them before).
These methods can also be used for such tasks as isolation of web
applications, as I wrote earlier
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2012-December/008641.html)

In December 2011 I made a series of articles about methods of defending
against ClickJacking. And this year I've decided to make a series of
articles about methods of defending against XSS attacks.

  1. Protection against XSS with HttpOnly
    http://websecurity.com.ua/6220/

In this article I've told about HttpOnly as a method of protecting against
the classic XSS attack of cookie stealing, which has been known since 2002,
when Microsoft developed it for IE6 SP1. I wrote about HttpOnly's pros and
cons, described its shortcomings, methods of bypassing it and the list of
browsers which support it.

  2. Protection against XSS with JavaScript
    http://websecurity.com.ua/6237/

In this article I've told about special JavaScript code as a method of
protecting against the classic XSS attack of cookie stealing. It can also
be used for protecting from other XSS attacks (for both of which I've
presented JS code). I developed this code at the beginning of 2008. I wrote
about its pros and cons and compared it with HttpOnly (this JS method
has many advantages compared with it).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
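As an added example (not code from MustLive's articles or from this list), the following Node/JavaScript audit parses Set-Cookie headers and flags session cookies that lack the HttpOnly flag discussed in the first article, the flag that keeps a cookie out of document.cookie and so out of reach of script injected via XSS; it also checks Secure and SameSite, which goes slightly beyond the post. The sample headers and the list of session-cookie names are constructed assumptions.

```javascript
// Constructed sample Set-Cookie headers for the audit (not from any real site).
const SAMPLE_HEADERS = [
  'sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax',
  'PHPSESSID=9f8e7d; Path=/',
  'theme=dark; Path=/; Max-Age=31536000',
];

// Assumed names of session cookies worth protecting; extend for your application.
const SESSION_NAMES = ['sessionid', 'phpsessid', 'jsessionid', 'asp.net_sessionid'];

// Split one Set-Cookie header into name, value and a lower-cased attribute map.
// Attributes without a value (HttpOnly, Secure) are stored as true.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const [name, ...valueParts] = parts[0].split('=');
  const attrs = {};
  for (const part of parts.slice(1)) {
    const [key, ...val] = part.split('=');
    attrs[key.trim().toLowerCase()] = val.length ? val.join('=').trim() : true;
  }
  return { name: name.trim(), value: valueParts.join('='), attrs };
}

// Report session cookies that injected script could read (no HttpOnly),
// that could travel over plain HTTP (no Secure) or that lack SameSite.
function auditSetCookie(header) {
  const cookie = parseSetCookie(header);
  const isSession = SESSION_NAMES.includes(cookie.name.toLowerCase());
  const findings = [];
  if (isSession) {
    if (!cookie.attrs.httponly) findings.push('missing HttpOnly');
    if (!cookie.attrs.secure) findings.push('missing Secure');
    if (!cookie.attrs.samesite) findings.push('missing SameSite');
  }
  return { name: cookie.name, session: isSession, findings };
}

function auditAll(headers) {
  return headers.map(auditSetCookie);
}

for (const r of auditAll(SAMPLE_HEADERS)) {
  console.log(`${r.name}: ${r.findings.length ? r.findings.join(', ') : 'ok'}`);
}
```

Non-session cookies such as the theme cookie are reported without findings, since HttpOnly only matters for values a script should never see.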
