It's a condensed summary of the most common XSS types, but a good place to start. Any developer trying to XSS-proof their application should not stop at that, though.
I just started on XSS-proofing a legacy application in $DAYJOB and it has been very interesting to learn seemingly simple exploitation and often equally simple fixes.
But the ultimate result is me being horrified at the web as a development platform, considering how much the goalpost keeps moving.
As I understand it the most important thing to have is a locked down CSP. The fact that this article doesn’t mention that makes it not very useful in educating the user in XSS mitigation. It does a decent job at explaining what XSS is, though.
This article presents a good introduction for any person who wants to learn about Cross-Site Scripting in a beginner-friendly way.