{"data":{"markdownRemark":{"html":"<p>Today’s topic: Cross-site scripting (XSS)</p>\n<p>Cross-site scripting is when an attacker injects client-side scripts into a web page so that they run in the browsers of other users who view the same page. XSS is one of the most common publicly reported security vulnerabilities.</p>\n<p>For example, if you have a blog where users can add comments to your blog posts, an attacker can write a script in a comment and submit it. The comment, script included, is then added to the comment section, and the script executes whenever another user loads that page.</p>\n<p>Other things that a hacker can do using XSS are:\n<br>1️⃣Spreading worms on social media sites - a worm is an executable program that replicates itself in order to spread to other systems\n<br>2️⃣Session hijacking - the script can send a cookie containing the user’s session ID to a remote site under the hacker’s control\n<br>3️⃣Identity theft - if a user enters sensitive information into a compromised website, the details can be stolen</p>\n<p>The ways to prevent this are:\n<br>1️⃣Sanitize your inputs - any input that you get from a user should be checked and cleaned before it is stored or displayed.\n<br>2️⃣Content Security Policy (CSP) - add a CSP header to whitelist where JavaScript can be loaded and executed from. For example, Content-Security-Policy: script-src 'self' <a href=\"https://apis.google.com\">https://apis.google.com</a>. This states that JavaScript may only be loaded from our own origin and from Google’s APIs. 
If you are using NodeJS, check out the content-security-policy npm package.\n<br>3️⃣Secure &#x26; HTTPOnly Cookies - mark cookies as Secure, so they are only sent over HTTPS, and as HttpOnly, which means the browser will still receive, store and send them but JavaScript cannot read or modify them.</p>\n<p>Let me know if you have any questions!</p>\n<p>Happy Friday and have a great weekend!!🤩</p>\n<h3>#buildtheweb #buildupdevs #code #coder #codingisfun #codinglife #computerscience #comp #dev #developer #devlife #educateyourself #fullstackdeveloper #geek #learntocode #lifeofadeveloper #programming #programmerrepublic #softwaredeveloper #softwareengineer #webdeveloper #womenintech #worldcode #javascript #html #css #instatech #momswhocode #momscancode</h3>","frontmatter":{"path":"/post-xss","title":"Cross-site Scripting (XSS)","author":"CodingBeenz","date":"26 April, 2019","featuredImage":{"childImageSharp":{"sizes":{"base64":"data:image/jpeg;base64,/9j/2wBDABALDA4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVGC8aGi9jQjhCY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2P/wgARCAAVABQDASIAAhEBAxEB/8QAGAABAAMBAAAAAAAAAAAAAAAAAAECAwT/xAAWAQEBAQAAAAAAAAAAAAAAAAABAAP/2gAMAwEAAhADEAAAAbTTKOtANIDToEf/xAAbEAACAgMBAAAAAAAAAAAAAAABAgATAwQRFP/aAAgBAQABBQJcTcrMCGNsBG9IJxIWSlZSkA4P/8QAGBEAAgMAAAAAAAAAAAAAAAAAAAEQERL/2gAIAQMBAT8BpGZ//8QAGBEAAgMAAAAAAAAAAAAAAAAAAAEQEiH/2gAIAQIBAT8B0s5//8QAGxAAAgIDAQAAAAAAAAAAAAAAABEBAhAxMiH/2gAIAQEABj8C9tLO5Oi0JmtjvvKP/8QAHRABAAMAAgMBAAAAAAAAAAAAAQARMSFhQVGRsf/aAAgBAQABPyFBReRC+supS4tXsip224ut+FbCuj8i+3Op+wiGE//aAAwDAQACAAMAAAAQBz+D/8QAGBEAAgMAAAAAAAAAAAAAAAAAAAEQEVH/2gAIAQMBAT8QCmCj/8QAFhEBAQEAAAAAAAAAAAAAAAAAARAx/9oACAECAQE/EFGRSf/EABsQAQADAAMBAAAAAAAAAAAAAAEAESExQbFx/9oACAEBAAE/EG8Q0pBiEm7Bv2LoHEtDFe6UKZAUbp6ZkSOuDxGrtfsARIrSei2f/9k=","aspectRatio":0.9670610809082187,"src":"/static/b8eabc56aa006573f9ab48d33ee8f247/08385/featured-image.jpg","srcSet":"/static/b8eabc56aa006573f9ab48d33ee8f247/4a8c6/featured-image.jpg 
158w,\n/static/b8eabc56aa006573f9ab48d33ee8f247/845c7/featured-image.jpg 315w,\n/static/b8eabc56aa006573f9ab48d33ee8f247/08385/featured-image.jpg 630w,\n/static/b8eabc56aa006573f9ab48d33ee8f247/7320b/featured-image.jpg 945w,\n/static/b8eabc56aa006573f9ab48d33ee8f247/e8b76/featured-image.jpg 1260w,\n/static/b8eabc56aa006573f9ab48d33ee8f247/7c633/featured-image.jpg 1890w,\n/static/b8eabc56aa006573f9ab48d33ee8f247/0599d/featured-image.jpg 3024w","sizes":"(max-width: 630px) 100vw, 630px"}}}}}},"pageContext":{"isCreatedByStatefulCreatePages":false}}