Cross-site Scripting (XSS)
Imagine you are the owner of breddit.com, the number one social media site for the baking industry. You have an avid community of commenters who love sharing their bread knowledge.
Because the main use of your website is to facilitate discussion, users can add comments, which are saved to the database and displayed to other users.
Unfortunately, the popularity of your site has also attracted the attention of hackers, who want to access your site for nefarious purposes.
Unless you are careful when constructing the HTML, hackers can abuse the comment function by injecting JavaScript.
Watch how Mal injects some malicious JavaScript.
A real attack might use cross-site scripting to steal another user's cookie, which can permit session hijacking.
Now you try. Inject a script tag to call the upvote() function whenever the page is viewed.
[Interactive demo: the breddit page shows the post "How much do you guys like bread?" with comments from roll_with_it ("I dream of baking tins."), I_knead_you_right_now ("I love it so much, I think I might be part duck.") and butter_you_than_me. After Mal's injected script runs, the post title reads "Bakers Are Fat-Handed Yeast Monsters", and roll_with_it replies "That's mean. Why would you say that?"]
Rude.
That's not good.
We'd better learn how to protect against cross-site scripting then.
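To make "careful when constructing the HTML" concrete, here is an added example (not code from the original page) in Node.js: a comment renderer that concatenates the comment body straight into the markup, beside one that escapes every user-controlled field first. The comment object shape, the function names and the sample comment are assumptions made for this example.

```javascript
// Added example: rendering a breddit-style comment into HTML.
// Comment shape { user, body } and the sample comment are constructed here.

// Escape the characters that have meaning when text is placed inside an
// HTML element body or attribute value. (This is the right encoding for
// that context only; inserting data into a script, URL or CSS context
// needs the encoding appropriate to that context.)
function escapeHtml(str) {
  return String(str)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: the stored comment is dropped into the page unchanged, so a
// body containing a <script> tag becomes code the browser executes for
// every viewer of the page.
function renderCommentUnsafe(comment) {
  return `<li><b>${comment.user}</b>: ${comment.body}</li>`;
}

// Hardened: each user-controlled field is escaped, so the browser displays
// the tag characters as literal text instead of parsing them as markup.
function renderCommentSafe(comment) {
  return `<li><b>${escapeHtml(comment.user)}</b>: ${escapeHtml(comment.body)}</li>`;
}

// Constructed sample comment whose body is the script tag from the exercise.
const malComment = { user: "Mal", body: "<script>upvote()</script>" };

// Detection helper used by the checks below: does the rendered HTML still
// contain a live script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log(renderCommentUnsafe(malComment)); // live <script> tag in the output
console.log(renderCommentSafe(malComment));   // tag is rendered as &lt;script&gt;
```
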