
Programming Social Applications by Jonathan LeBlanc


Cross-Site Scripting

Cross-site scripting (XSS) is a prevalent security concern in web applications that do not control what they render, and especially in those that run third-party code within a container; it is the most widely exploited class of vulnerability in this space. An attacker uses XSS to inject client-side scripts into pages viewed by other users. Once on the page, those scripts execute with the page's own origin and can therefore bypass access controls such as the same-origin policy.

The consequences of using a site that is vulnerable to XSS range from simple annoyance to a serious security breach in which the attacker captures login credentials, credit card details, the user's personal profile data, or any number of other private interactions that take place online.

A simple example of XSS is advertising on a web application, which lets a third-party advertiser run frontend code within the site. Advertising is effectively a form of self-inflicted XSS, but in most cases the website trusts that the advertiser won't do anything malicious.

Even though this is a standard web application vulnerability, it reinforces the need for some measure of application control when third-party code and applications run within a social networking container.
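The following is an added example, not code from the book, showing the control the passage above calls for at the point where a container renders data supplied by a third-party application into the host page: the same profile fragment built by string concatenation (the vulnerable pattern) and by escaping every untrusted value for its HTML context (the hardened pattern). The `escapeHtml`, `safeHttpUrl`, `renderProfileUnsafe` and `renderProfileSafe` function names, the profile object shape, and the sample payloads are all assumptions constructed for this demonstration. It also goes slightly beyond the text by handling a URL attribute, where escaping alone is not enough because a `javascript:` link needs no angle brackets to run script.

```javascript
// Added example (not from the book): rendering untrusted third-party data
// into a host page so that it is displayed as text rather than run as script.
// Function names and sample values are constructed for this demo.

// Entities for the five characters that can break out of an HTML text or
// double-quoted attribute context.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Escape a value for insertion into HTML text or a quoted attribute.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// URL attributes are a separate context: escaping does not neutralise a
// javascript: or data: scheme, so allow only http(s) and fall back to '#'.
function safeHttpUrl(untrustedUrl) {
  try {
    const u = new URL(String(untrustedUrl));
    if (u.protocol === 'http:' || u.protocol === 'https:') {
      return u.href;
    }
  } catch (e) {
    // Not an absolute URL at all; treat as unsafe.
  }
  return '#';
}

// Vulnerable pattern: third-party values concatenated straight into markup.
// Whatever the application submitted is interpreted by the browser as HTML.
function renderProfileUnsafe(profile) {
  return `<div class="profile"><a href="${profile.homepage}">${profile.displayName}</a></div>`;
}

// Hardened pattern: each value is encoded for the context it lands in.
// (In live DOM code the equivalent is assigning textContent instead of
// innerHTML, plus the same URL check before setting href.)
function renderProfileSafe(profile) {
  const href = escapeHtml(safeHttpUrl(profile.homepage));
  const name = escapeHtml(profile.displayName);
  return `<div class="profile"><a href="${href}">${name}</a></div>`;
}

// Constructed sample inputs: one hostile, one benign.
const HOSTILE_PROFILE = {
  displayName: '<img src=x onerror="alert(1)">',
  homepage: 'javascript:alert(1)',
};
const BENIGN_PROFILE = {
  displayName: 'Ada & Bob',
  homepage: 'https://example.com/profile',
};

// Render both samples both ways so the difference is visible side by side.
function demo() {
  return {
    hostileUnsafe: renderProfileUnsafe(HOSTILE_PROFILE),
    hostileSafe: renderProfileSafe(HOSTILE_PROFILE),
    benignSafe: renderProfileSafe(BENIGN_PROFILE),
  };
}

console.log(demo());
```

In the hostile case the unsafe renderer emits a live `<img>` tag with an event handler and a `javascript:` link, while the safe renderer emits `&lt;img ...&gt;` as visible text and replaces the link target with `#`. The benign profile still renders correctly, with `&` encoded as `&amp;`, which is the property a container needs: third-party content is shown faithfully but never interpreted as code.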
