Chapter 3

Cross-Site Scripting Attack

Cross-site scripting (XSS) is the worst enemy of client-side script security. The Open Web Application Security Project (OWASP) Top 10 repeatedly places XSS at the top of its list. This chapter discusses the principle behind XSS attacks and how to defend against them properly.

3.1 Introduction

XSS was originally abbreviated as CSS, but to distinguish it from Cascading Style Sheets (CSS), it was renamed XSS in the security field.

XSS attacks usually refer to hackers tampering with a web page through HTML injection, inserting malicious scripts that control the user's browser when the user views the page. In the beginning, the demonstration cases for this attack were cross-domain, which is why it was called cross-site scripting ...
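The following is an added example, not code from the book, showing the mechanism the paragraph describes: untrusted input concatenated into HTML becomes part of the page, while HTML-encoding the value before insertion keeps it inert. The `escapeHtml`, `renderSearchPage*` and `containsInjectedScript` helpers and the sample query are all assumptions constructed for illustration.

```javascript
// Added example (not from the book): how an HTML-injection XSS arises from
// string concatenation, and how output encoding prevents it.
// Everything here is constructed for illustration; no real site is involved.

// Minimal HTML escaping of the five characters that can break out of a text
// or attribute context. Assumed helper, not a library call.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable rendering: the untrusted query parameter is concatenated
// straight into the HTML, so any markup it contains becomes part of the page.
function renderSearchPageVulnerable(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened rendering: the same template, but the untrusted value is encoded
// for the HTML text context before it is inserted.
function renderSearchPageSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// A simple check: does the rendered output contain a script tag or an
// inline event handler that did not come from the template? Used here only
// to make the difference visible; real review relies on an HTML parser
// and on browser-side controls such as Content Security Policy.
function containsInjectedScript(html) {
  return /<script\b|\son\w+\s*=/i.test(html);
}

// Constructed untrusted input of the kind that could arrive in a URL parameter.
const untrustedQuery = "<script>alert(1)</script>";

function demo() {
  const vulnerable = renderSearchPageVulnerable(untrustedQuery);
  const safe = renderSearchPageSafe(untrustedQuery);
  return {
    vulnerableHasScript: containsInjectedScript(vulnerable), // true
    safeHasScript: containsInjectedScript(safe),             // false
    safe,
  };
}

console.log(demo());
```

Escaping is context-dependent: the encoding above is correct for HTML text and quoted attribute values, but a value placed inside a `<script>` block, a URL, or a CSS property needs the encoding appropriate to that context.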
