Cross-Site Scripting

Cross-site scripting (XSS) is a prevalent security concern in web applications, especially those running within the confines of a container, and it is the most widely exploited vulnerability in this space. An attacker uses XSS to inject client-side scripts into pages viewed by other users. Once on the page, those scripts execute with the page's own origin and can therefore be used to bypass access controls such as the same-origin policy.

The consequences of using a site that is vulnerable to XSS range from simple annoyance all the way up to a serious security compromise that allows the attacker to capture login details, credit card information, the user's personal profile data, or any number of other private interactions that take place online.

A simple example of XSS is advertising on a web application, which allows a third-party advertiser to run frontend code within the site. Advertising is a form of self-inflicted XSS, but in most cases the website can trust that the advertiser won't do anything malicious.

Although XSS is a standard security vulnerability in web applications, it reinforces the need for some measure of application control whenever third-party code and applications run within a social networking container.
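To make the injection mechanism concrete, the following added example (not code from the book) shows the defect that makes XSS possible and its standard mitigation: a page that interpolates user-supplied text directly into HTML markup, beside a version that escapes every untrusted value at the point of output. The comment template, the `escapeHtml` helper and the sample comment body are all constructed for this illustration.

```javascript
// Added example: output encoding as the mitigation for cross-site scripting.
// The template, helper and sample input below are constructed, not from the book.

// Characters that carry meaning to the HTML parser in text and attribute
// contexts, mapped to the entity that renders them as literal text.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Escape untrusted input so the browser treats it as text, never as markup.
// Coercing to String first means null/undefined cannot slip through unescaped.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering: user-controlled author and body are placed straight
// into the page. Any markup in them becomes part of the DOM for every viewer.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Hardened rendering: each untrusted value is escaped where it meets markup.
// The template itself is trusted; only the data flowing into it is encoded.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Crude defender-side check used here to compare the two renderers: does the
// produced HTML still contain a script element or an inline event handler?
function containsActiveContent(html) {
  return /<\s*script\b|\son\w+\s*=/i.test(html);
}

// Constructed sample comment carrying a harmless script payload.
const SAMPLE_AUTHOR = "mallory";
const SAMPLE_BODY = '<script>alert("xss")</script>';

if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafe:", renderCommentUnsafe(SAMPLE_AUTHOR, SAMPLE_BODY));
  console.log("safe:  ", renderCommentSafe(SAMPLE_AUTHOR, SAMPLE_BODY));
}
```

The unsafe renderer emits the `<script>` element verbatim, so it executes for every user who views the comment; the safe renderer emits `&lt;script&gt;…`, which the browser displays as text. In a real application the same rule applies to every sink, not just this template: encode for the context (HTML body, attribute, URL, JavaScript) at the point where untrusted data is written out, and prefer DOM APIs such as `textContent` over `innerHTML` on the client.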
