XSS
Cross-Site Scripting (XSS) is a web security vulnerability that lets an attacker inject malicious client-side scripts into pages viewed by other users. When unsanitized input is rendered as executable HTML or JavaScript, the injected script runs in the victim's browser under the site's trust context, enabling session…
12 resources across 4 libraries
Glossary Terms(3)
XSS
Cross-Site Scripting (XSS) is a web security vulnerability that lets an attacker inject malicious client-side scripts into pages viewed by other users. When un…
Cookie
A cookie is a small piece of data that a website stores in a user's browser, sent back to the server with every subsequent request to that site, commonly used…
Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) is a web security vulnerability that lets an attacker inject malicious JavaScript into a page viewed by other users, allowing them t…
Study Notes(3)
Cross-Site Scripting (XSS) Explained
Understand how attackers inject malicious scripts into web pages viewed by other users, and the three major categories of XSS: stored, reflected, and DOM-based.
Preventing XSS
Learn the core defenses against Cross-Site Scripting: contextual output encoding, sanitization, and Content Security Policy, plus how they work together.
Cross-Site Scripting (XSS)
Stored, reflected, and DOM-based XSS explained, with output encoding and CSP as the core defenses.
Cheat Sheets(1)
Interview Questions(5)
What is XSS?
XSS (Cross-Site Scripting) is a vulnerability where an attacker injects malicious JavaScript into a page viewed by other users, letting that script run with th…
What is Content Security Policy (CSP)?
Content Security Policy (CSP) is an HTTP response header that tells the browser which sources of scripts, styles, images, and other resources are allowed to lo…
What Are the Secure and HttpOnly Cookie Attributes?
The Secure attribute tells the browser to send a cookie only over HTTPS connections, and the HttpOnly attribute tells the browser to hide the cookie from JavaS…
What Are HTTP Security Headers and Why Do They Matter?
HTTP security headers are response headers a server sends to instruct the browser to enable or restrict specific behaviors — such as blocking inline scripts, r…
How Do CSP Nonces Prevent Inline Script Injection?
A CSP nonce is a random, single-use token the server generates per response and embeds both in the Content-Security-Policy header and as a nonce attribute on e…