Cross-Site Scripting Attacks (XSS)

An XSS attack can occur when JavaScript running in a browser obtains text that may contain JavaScript code and uses it in one of the following ways, each of which results in that JavaScript being executed.

  • Set the innerHTML property of a DOM element to text that includes script tags that contain JavaScript code.

  • Pass text containing JavaScript code to the eval function.

  • Pass text containing JavaScript code as the first argument to the setTimeout or setInterval function.

This is particularly concerning when the text includes calls to the fetch function. With a strict default CSP in place, calling the fetch function from an inline script is only allowed if the script-src or script-src-elem directive includes the unsafe-inline ...
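The three sinks listed above can be checked for in front-end source before it ships. The following is an added example, not code from the book: a small lint-style scan for assignments to innerHTML, calls to eval, and the string form of setTimeout/setInterval, alongside an HTML-escaping helper for text that must be inserted as markup. The sample source lines are constructed for the example.

```javascript
// Each rule matches one sink from the list above. Only the string form of
// setTimeout/setInterval turns text into code, so that rule requires a quote
// as the first argument; a function argument is not flagged.
const SINK_RULES = [
  { sink: "innerHTML assignment", re: /\.(innerHTML|outerHTML)\s*=[^=]/ },
  { sink: "eval", re: /\beval\s*\(/ },
  { sink: "setTimeout/setInterval with string", re: /\b(setTimeout|setInterval)\s*\(\s*["'`]/ },
];

// Scan source lines; return one finding per matching rule with a 1-based line number.
function findXssSinks(sourceLines) {
  const findings = [];
  sourceLines.forEach((line, i) => {
    for (const { sink, re } of SINK_RULES) {
      if (re.test(line)) findings.push({ line: i + 1, sink, text: line.trim() });
    }
  });
  return findings;
}

// Escape the characters that can open a tag or close an attribute value, so
// untrusted text can be placed inside markup without being parsed as markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample: hypothetical front-end code, some lines safe, some not.
const SAMPLE_SOURCE = [
  'el.textContent = userInput;',                        // safe: never parsed as markup
  'el.innerHTML = userInput;',                          // sink 1: raw text into innerHTML
  'if (a === b) el.innerHTML == "x";',                  // comparison, not an assignment
  'const v = eval(configText);',                        // sink 2
  'setTimeout(() => refresh(), 1000);',                 // safe: function argument
  "setInterval('poll()', 5000);",                       // sink 3: string argument
  'el.innerHTML = `<p>${escapeHtml(userInput)}</p>`;',  // escaped, but still worth a review
];

function main() {
  for (const f of findXssSinks(SAMPLE_SOURCE)) {
    console.log(`line ${f.line}: ${f.sink}: ${f.text}`);
  }
  console.log(escapeHtml('<script>fetch("/x")</script>'));
}
main();
```

Any assignment to innerHTML is reported even when the value is escaped, since the reviewer still has to confirm the escaping is applied to every untrusted part of the string.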
