Cross-site scripting (XSS) attack defense method and Web server

The invention discloses a cross-site scripting (XSS) attack defense method and a Web server, relates to the technical field of internet, and aims at performing XSS attack defense through the Web server. The XSS attack defense method comprises the steps of acquiring the type and content character strings of a received message through the Web server; inquiring a preset XSS attack feature library according to the content character string; determining that the message has the XSS attack features if at least one character of the content character string is matched with the XSS attack description feature in the XSS attack feature library; performing defense treatment for a request message; the XSS attack description features are stored in the XSS attack feature library.