DataStructures / System Design
What is Cross-site scripting?
Cross-site scripting (XSS) occurs when malicious code is included in an HTML response, that alters the way the page is rendered. The malicious data is interpreted as script and executed on the client's browser.
There are 2 types of XSS.
Reflected: Data from the incoming HTML request is returned in the outgoing HTML response. This type of XSS targets a specific user by exploiting a defect in the application that results in the application returning the malicious data back to the user.
Persisted: Data on the server is included in the outgoing HTTP response. Usually targets one or more users.
XSS can result in unavailability, defacement, unauthorized access, session hijacking, identity theft, account harvesting, or full compromise of the system.
To mitigate XSS risk:
- Use appropriate encoding on data to change HTTP responses.
- Utilize HTTP security headers, such as content security policy, and use safe APIs such as textContent instead of innerHtml.
- Consider using client-side templating libraries.
Dogecoin! Earn free bitcoins up to $250 now by signing up.
Earn bitcoins upto $250 (free), invest in other Cryptocurrencies when you signup with blockfi. Use the referral link: Signup now and earn!
Invest now!!! Get Free equity stock (US, UK only)!
The Robinhood app makes it easy to trade stocks, crypto and more.
More Related questions...