Cross-site scripting (XSS) is the worst enemy of client-side script security. The Open Web Application Security Project (OWASP) Top 10 repeatedly puts XSS at the top of its list. This chapter discusses the principles of the XSS attack and how to defend against it properly.
XSS was originally abbreviated as CSS, but to distinguish it from Cascading Style Sheets (CSS), it was renamed XSS in the security field.
XSS attacks usually refer to hackers tampering with a web page through HTML injection, inserting malicious scripts that control the user’s web browser when the user browses the web. In the beginning, the demonstration case of the attack was cross-domain, so it was called cross-site scripting ...