Prev Next

DataStructures / System Design

What is Cross-site scripting?

Cross-site scripting (XSS) occurs when malicious code is included in an HTML response, that alters the way the page is rendered. The malicious data is interpreted as script and executed on the client's browser.

There are 2 types of XSS.

Reflected: Data from the incoming HTML request is returned in the outgoing HTML response. This type of XSS targets a specific user by exploiting a defect in the application that results in the application returning the malicious data back to the user.

Persisted: Data on the server is included in the outgoing HTTP response. Usually targets one or more users.

XSS can result in unavailability, defacement, unauthorized access, session hijacking, identity theft, account harvesting, or full compromise of the system.

To mitigate XSS risk:

  • Use appropriate encoding on data to change HTTP responses.
  • Utilize HTTP security headers, such as content security policy, and use safe APIs such as textContent instead of innerHtml.
  • Consider using client-side templating libraries.

It's right time to invest in Cryptocurrencies Dogecoin! Earn free bitcoins up to $250 now by signing up.

Earn bitcoins upto $250 (free), invest in other Cryptocurrencies when you signup with blockfi. Use the referral link: Signup now and earn!

Using BlockFi, don't just buy crypto - start earning on it. Open an interest account with up to 8.6% APY, trade currencies, or borrow money without selling your assets.

Join CoinBase! We'll both receive $10 in free Bitcoin when they buy or sell their first $100 on Coinbase! Available in India also. Use the referral Join coinbase!

Invest now!!! Get Free equity stock (US, UK only)!

Use Robinhood app to invest in stocks. It is safe and secure. Use the Referral link to claim your free stock when you sign up!.

The Robinhood app makes it easy to trade stocks, crypto and more.

Webull! Receive free stock by signing up using the link: Webull signup.

More Related questions...

Show more question and Answers...

Amazon Web Service (AWS)

Comments & Discussions