Abstract: Methods and systems for protecting websites from cross-site scripting are disclosed. A request for a web page comprising a web page element is received from a client. It is determined if the web page comprises a data integrity token for the web page element. It is also determined if a value of the data integrity token matches an expected value. If the web page comprises the data integrity token and if the value matches the expected value, the web page comprising the web page element is sent to the client. If the web page does not comprise the data integrity token or if the value does not match the expected value, a protective operation is performed.

Abstract: Disclosed are various embodiments for performing security verifications for dynamic applications. An instance of an application is executed. During runtime, it is determined whether the application is accessing dynamically loaded code from a network site. In one embodiment, the access may be detected via the use of a particular application programming interface (API). In another embodiment, the access may be detected via the loading of downloaded data into an executable portion of memory. A security evaluation is performed on the dynamically loaded code, and an action is initiated responsive to the security evaluation.