The invention provides a device for detecting cross-site scripting. The device comprises an index calculating unit, an extracting unit, a code restoring unit, a semantics restoring unit, a matching degree calculating unit and a judging unit, which cooperate with each other. Malicious cross-site scripts embedded in a Web page are identified and extracted by a comprehensive HTML label analysis method comprising four methods: EJSRF analysis, JavaScript code deformation analysis, JavaScript semantics denaturation analysis and XSS attack characteristic mode matching. This cross-site script identification and extraction technology, with HTML label analysis at its core, efficiently and accurately distinguishes normal JavaScript from malicious cross-site scripts in a Web page, so that network security detection equipment and network terminals can accurately identify and filter Web pages that contain malicious cross-site scripts while ensuring that legitimate Web pages (those carrying no malicious cross-site scripts) pass normally.
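As an added illustration (not the patented method or any code from the invention), the sketch below chains three of the stages named above: extraction of script-bearing fragments, code restoring, and matching-degree scoring followed by a judgment. The signature weights, the threshold and all names are assumptions; EJSRF analysis and semantics restoring are left out because the abstract does not define them.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumed signature weights and threshold; the abstract specifies neither.
SIGNATURES = [(re.compile(r"javascript\s*:", re.I), 0.6),
              (re.compile(r"document\s*\.\s*cookie", re.I), 0.5),
              (re.compile(r"\beval\s*\(", re.I), 0.4),
              (re.compile(r"<\s*script\b", re.I), 0.3)]
THRESHOLD = 0.5
JS_ESCAPE = re.compile(r"\\u([0-9a-fA-F]{4})|\\x([0-9a-fA-F]{2})")

# Constructed sample pages: one legitimate, one with a deformed script URL.
BENIGN = '<a href="/news?id=3">news</a><script>var n = 1 + 2;</script>'
OBFUSCATED = r'<a href="jav&#x09;ascript:%65val(document.c\u006fokie)">x</a>'

class Extractor(HTMLParser):
    """Extracting stage: collect attribute values and <script> bodies."""
    def __init__(self):
        super().__init__()
        self.fragments, self._in_script = [], False
    def handle_starttag(self, tag, attrs):
        self._in_script = tag == "script"
        self.fragments += [value for _, value in attrs if value]
    def handle_endtag(self, tag):
        self._in_script = False
    def handle_data(self, data):
        if self._in_script and data.strip():
            self.fragments.append(data)

def restore(fragment):
    """Code restoring stage: peel layered encodings until nothing changes."""
    for _ in range(5):  # bounded, so nested encodings cannot loop forever
        step = html.unescape(unquote(fragment))
        step = JS_ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), step)
        step = re.sub(r"[\x00\t\r\n]", "", step)  # filler characters browsers ignore in URLs
        if step == fragment:
            break
        fragment = step
    return fragment

def matching_degree(text):
    """Sum the weights of every signature that fires, capped at 1.0."""
    return min(1.0, sum(weight for rx, weight in SIGNATURES if rx.search(text)))

def judge(page):
    """Judging stage: flag the page if any restored fragment reaches the threshold."""
    extractor = Extractor()
    extractor.feed(page)
    extractor.close()
    return max((matching_degree(restore(f)) for f in extractor.fragments), default=0.0) >= THRESHOLD
```

Scoring the raw `OBFUSCATED` string without the restoring stage gives a matching degree of 0, which is why restoration has to run before pattern matching.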