July 2017
Intermediate to advanced
656 pages
16h 1m
English
book
Node Cookbook - Third Edition
by Matteo Collina, David Mark Clements, Peter Elger, Mathias Buus Madsen
Content preview from Node Cookbook - Third Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
How it works...
There are two mains types of XSS, reflected and persistent. Persistent XSS is where an attacker was able to implant a code exploit within a persistent layer of our architecture (for instance, a server-side database, but also caching layers and browser persistent could come under the same banner). Reflected XSS is reliant on a single interaction with a server, such that the content returned by the server contains the code exploit.
In our case, the main problem is a reflected XSS vulnerability.
The way the href attribute of the anchor tag (<a>) is constructed from input parameters allows an attacker to create a URL that can effectively break context (that is, the context of being an HTML attribute), and inject code into the ...