Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/brunormferreira/xss-how-to-defend
a short introduction for how to defend from XSS attack
Last synced: 18 days ago
- Host: GitHub
- URL: https://github.com/brunormferreira/xss-how-to-defend
- Owner: brunormferreira
- Created: 2020-08-18T13:07:55.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-08-18T13:34:32.000Z (over 4 years ago)
- Last Synced: 2024-11-11T08:04:20.547Z (about 2 months ago)
- Language: CSS
- Homepage:
- Size: 1.95 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# xss-how-to-defend
- XSS is about executing JavaScript code on other users' devices.
- One example is submitting a malicious JavaScript script through input fields.
- ```<script>``` tags added with ```innerHTML``` are not executed.
- The big danger is an injected script making an API call with the auth tokens from localStorage, for example to buy a product.
- The ```onerror``` attribute on ```<img>``` tags fires when the image fails to load, so it could be used to run something like ```alert('hacker')```, for example.
- In Node, ```sanitize``` helps with this on the backend side.
- Frameworks already have built-in protection for this.
- ```npm audit``` also helps with this, to update all the dependencies.
- You should use as few third-party libraries as possible.
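
An added example (not part of the original README) of the kind of output encoding frameworks apply by default, shown beside the plain string concatenation that lets the ```onerror``` case above through. The function names and the sample comment are constructed for illustration.

```javascript
// Added example, not from the repository. All function names are hypothetical.

// Characters that let text break out of an HTML text node or a quoted attribute.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode untrusted text so the browser treats it as data, not markup.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user input is concatenated straight into markup.
// Assigning this string to element.innerHTML creates a real <img> whose
// onerror handler runs, even though an injected <script> would not.
function renderCommentUnsafe(author, text) {
  return '<li><b>' + author + '</b>: ' + text + '</li>';
}

// Hardened: every untrusted value is encoded before it reaches the markup.
function renderCommentSafe(author, text) {
  return '<li><b>' + escapeHtml(author) + '</b>: ' + escapeHtml(text) + '</li>';
}

// Rough check for this demo only: is there still an opening tag that
// carries an inline event handler attribute such as onerror= ?
function hasInlineHandler(html) {
  return /<[a-z][^>]*\son\w+\s*=/i.test(html);
}

// Constructed sample input, modelled on the onerror case in the list above.
const payload = '<img src="missing.png" onerror="alert(\'hacker\')">';

console.log('unsafe:', renderCommentUnsafe('mallory', payload));
console.log('safe:  ', renderCommentSafe('mallory', payload));
console.log('handler survives unsafe path:', hasInlineHandler(renderCommentUnsafe('mallory', payload)));
console.log('handler survives safe path:  ', hasInlineHandler(renderCommentSafe('mallory', payload)));
```

In the browser, the same effect comes from assigning untrusted text to ```textContent``` instead of ```innerHTML```.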