Chapter 3. Cross-site Scripting
Welcome back! In this chapter, we will take a closer look at one of the most common JavaScript security attacks: cross-site scripting.
What is cross-site scripting?
Cross-site scripting is a type of attack where the attacker injects code (basically, things such as client-side scripting, which in our case is JavaScript) into the remote server.
If you remember, we did something similar in the previous chapter: we posted something that says alert(), which unfortunately gets saved into our database. When our screen refreshes, the alert gets fired off. This alert() function gets fired off whenever we hit that page.
There are basically two types of cross-site scripting: persistent and nonpersistent.
Persistent cross-site scripting ...
Get JavaScript Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
