Cross-Site Scripting

Cross-Site Scripting (XSS) is a kind of code injection attack in which an attacker inserts arbitrary JavaScript code into a page of the attacked web site, and that code is executed in a visitor's web browser when the visitor opens the page. The injected code is executed in the scope of the attacked domain, which bypasses the Same-origin policy.

Example

There is a web page with the following JavaScript code:

<script>
document.write("Site URL is " + document.location.href);
</script>

This code gets the URL of the current page and displays it in the browser.
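
The same output, built as a string so that it runs outside a browser, shown beside a form that HTML-encodes the URL before it becomes markup. This is an added example, not part of the original page; the function names and the sample URL are assumptions made for illustration.

```javascript
// `href` stands in for document.location.href; the sample value below is constructed.

// Pattern from the page: the URL text is concatenated into markup as-is,
// so any HTML inside the URL is parsed by the browser as HTML.
function renderUnsafe(href) {
  return "Site URL is " + href;
}

// Encode the five characters that are significant in HTML text and attribute values.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened form: the URL is encoded first, so it can only ever render as text.
function renderSafe(href) {
  return "Site URL is " + escapeHtml(href);
}

// Review helper: true when the output contains a tag opener.
function containsMarkup(html) {
  return /<[a-zA-Z!\/]/.test(html);
}

// Constructed URL whose fragment carries harmless markup.
const sampleHref = "https://example.test/page#<b>injected</b>";

console.log(renderUnsafe(sampleHref), "| markup:", containsMarkup(renderUnsafe(sampleHref)));
console.log(renderSafe(sampleHref), "| markup:", containsMarkup(renderSafe(sampleHref)));

// In a browser, assigning the string to element.textContent instead of calling
// document.write avoids HTML parsing of the value altogether.
```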
