How it works...
XSS vulnerabilities happen when weak or no input validation is done and there is no proper encoding of the output, both on the server side and client side. This means that the application allowed us to introduce characters that are also used in HTML code and, when it was going to send them to the page, did not follow any encoding process (such as using the HTML escape codes < and >) to prevent them from being interpreted as HTML or JavaScript source code.
These vulnerabilities are used by attackers to alter the way a page behaves on the client side and to trick users into performing tasks without them knowing, or to steal private information.
To discover the existence of an XSS vulnerability, we followed some leads: ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access