2 Cross-site scripting (XSS)
This chapter covers
- Understanding how cross-site scripting (XSS) works
- Learning about different types of XSS
- Preventing XSS by escaping output
- Using Content Security Policy (CSP) against XSS
- Judging other browser features against XSS
In 2014, the BBC reported (https://www.bbc.com/news/technology-29241563) that clicking on certain links on eBay would redirect users to a phishing site: it looked similar to eBay, but, of course, wasn’t legitimate. The security researcher who found the vulnerability supposedly contacted the firm to no avail. An official inquiry by the BBC then sped things up, and the issue was resolved.
About 10 years earlier, a security researcher managed to pull a similar stunt, redirecting eBay users ...
Get ASP.NET Core Security now with the O’Reilly learning platform.