
    Cross-Site Scripting (XSS)

    Published Nov 23, 2022 [  Network  ]

    XSS (Cross-Site Scripting) is a class of web application vulnerability in which attacker-controlled input is rendered into a page without proper output encoding, so the victim's browser executes it (usually as JavaScript) in the origin of the vulnerable site, with access to that user's session.

    There are three main types of XSS:

    1. Stored (persistent) XSS: The payload is saved on the server (e.g., in a comment, message or profile field) and served to every user who later views that content, so one injection can hit many victims.
    2. Reflected XSS: The payload travels in the request (a URL parameter or form field) and the server echoes it into the immediate response. The victim has to be induced to send that crafted request, typically by clicking a link.
    3. DOM-based XSS: The flaw lies entirely in client-side JavaScript, which reads attacker-controllable data from a source such as location.search or location.hash and writes it into a dangerous sink such as innerHTML. The payload need not reach the server at all, so server-side filtering and logs will not catch it.

    Example

    <!-- Vulnerable code -->
    <p>Hello, <span id="name"></span>!</p>
    <script>
      // Source: the query string is fully attacker-controlled.
      const params = new URLSearchParams(location.search);
      // Sink: innerHTML parses the value as HTML instead of showing it as text.
      document.getElementById("name").innerHTML = params.get("user");
    </script>
    

    If a user visits:

    example.com/?user=<img src=x onerror=alert('XSS')>
    

    The browser percent-encodes the parameter, URLSearchParams decodes it again, and innerHTML parses the injected markup: the image fails to load and the onerror handler runs in the victim's origin. This is a basic example of DOM-based XSS. Note that the textbook payload <script>alert('XSS')</script> does nothing here, because script elements inserted through innerHTML are never executed; payloads for innerHTML sinks therefore rely on event handler attributes such as onerror or onload instead.

    Risks

    • Stealing session cookies or tokens, or performing actions in the victim's authenticated session
    • Defacing websites
    • Redirecting users to phishing pages
    • Delivering malware (drive-by downloads)

    Prevention

    • Encode output for the context it is placed in (HTML text, attribute, JavaScript, URL); input validation helps but is no substitute for output encoding at the point of rendering
    • Set the HttpOnly flag on session cookies so injected script cannot read document.cookie (this limits cookie theft, it does not prevent the XSS itself)
    • Deploy a Content Security Policy (CSP) that disallows inline scripts, as defence in depth
    • Prefer safe DOM APIs such as textContent or setAttribute over innerHTML, document.write and other sinks that parse HTML
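
    The greeting page from the example above with its sinks fixed, as an added example that is not code from the original post. It serves both the vulnerable snippet and the prevention list: escapeHtml, renderGreetingUnsafe, renderGreetingSafe, setGreetingName, PAYLOAD and ATTACK_QUERY are names introduced here for illustration, and the payload is constructed. It runs under Node.js without a browser; for the DOM-based fix, a plain object with a textContent property stands in for the element, so in a real page you would pass document.getElementById("name") instead.

```javascript
// Added example, not the original post's code. Names below are illustrative.

// Context-aware escaping for the HTML text context and for double-quoted
// attribute values. These five characters are the ones that let attacker
// text break out of those contexts; everything else can stay literal.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

function escapeHtml(value) {
  // A missing parameter (null) becomes an empty string rather than the
  // literal text "null"; each character is replaced independently, so the
  // order of the map does not matter.
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reflected XSS: server-side rendering of example.com/?user=... straight
// into the response body. This is the broken pattern, kept for comparison.
function renderGreetingUnsafe(queryString) {
  const user = new URLSearchParams(queryString).get('user');
  return `<p>Hello, <span id="name">${user}</span>!</p>`;
}

// The same page with the parameter escaped for the text context it lands in.
function renderGreetingSafe(queryString) {
  const user = new URLSearchParams(queryString).get('user');
  return `<p>Hello, <span id="name">${escapeHtml(user)}</span>!</p>`;
}

// DOM-based fix: assign to textContent, never innerHTML. `node` is a real
// element in the browser; any object with a textContent property works here.
function setGreetingName(node, queryString) {
  const user = new URLSearchParams(queryString).get('user') ?? '';
  node.textContent = user; // stored as text, never parsed as markup
  return node.textContent;
}

// Constructed payload. An <img onerror> is used rather than <script> because
// script elements inserted via innerHTML do not execute, while event handler
// attributes on injected elements do.
const PAYLOAD = `<img src=x onerror="alert('XSS')">`;
const ATTACK_QUERY = '?user=' + encodeURIComponent(PAYLOAD);

console.log('unsafe:', renderGreetingUnsafe(ATTACK_QUERY));
console.log('safe:  ', renderGreetingSafe(ATTACK_QUERY));
console.log('dom:   ', setGreetingName({ textContent: '' }, ATTACK_QUERY));
```

    The escaped output still reads as the original payload on screen, which is the point: the text is displayed, not interpreted. escapeHtml is only sufficient for HTML text and quoted attribute values; unquoted attributes, inline event handlers, script blocks and URLs each need their own encoding or, better, a templating engine that applies it automatically.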