14 Cross-site scripting attacks
This chapter covers
- Validating input with forms and models
- Escaping special characters with a template engine
- Restricting browser capabilities with response headers
In the preceding chapter, I introduced you to a handful of little injection attacks. In this chapter, I continue with a big family of them known as cross-site scripting (XSS). XSS attacks come in three flavors: persistent, reflected, and DOM-based. These attacks are both common and powerful.
Note: At the time of this writing, XSS is number 7 on the OWASP Top Ten (https://owasp.org/www-project-top-ten/).
XSS resistance is an excellent example of defense in depth; one line of protection is not enough. You’ll learn how to resist XSS in this chapter ...
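As an added illustration of the three layers listed at the top of the chapter (validation, escaping, response headers), here is a small standalone Python function that applies all of them to untrusted profile data. This is example code written for this page, not the book's or Django's own; the allowlist pattern, the field names and the header values are assumptions.

```python
import html
import re

# Layer 1: an allowlist for a username field (constructed for this example):
# letters, digits and underscore, 3 to 20 characters. Anything else is rejected.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,20}$")

# Layer 3: headers that limit what the browser will execute even if
# something slips past the first two layers (values are assumptions).
SECURITY_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    "X-Content-Type-Options": "nosniff",
}


def validate_username(name: str) -> str:
    """Reject input that does not have the expected shape."""
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid username")
    return name


def render_profile(username: str, bio: str) -> tuple[str, dict]:
    """Build (HTML body, response headers) for a profile page from untrusted input."""
    safe_name = validate_username(username)
    # Layer 2: escape free-form text before interpolating it into HTML,
    # which is what a template engine's autoescaping does for you.
    safe_bio = html.escape(bio, quote=True)
    body = f"<h1>{safe_name}</h1>\n<p>{safe_bio}</p>"
    return body, dict(SECURITY_HEADERS)
```

No single layer is relied on alone: a bad username never reaches the template, markup in the bio is rendered as text, and the headers constrain the browser regardless.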