NIKOLAS SCHAEFER

How Cross-Site Scripting (XSS) Works and How to Prevent It




What is cross-site scripting?

XSS (cross-site scripting) occurs when a malicious user is able to execute JavaScript in another user's browser to access cookies and sensitive information. This typically happens when the malicious user saves a script in the database and the script is then loaded in another user's session.


How it works

The most common form of XSS occurs when the malicious user saves a script tag in an input field.


The hacker would enter

 <script> alert("Malicious code placed here")</script>

in an input field, which would then be saved on the server.


When another user loads the post, or wherever this input is displayed on the site, the HTML parser treats the script tag as normal JavaScript and runs the code in the victim's browser.


How to prevent XSS as a developer

Preventing cross-site scripting is as simple as adding server-side validation to input fields. Some developers sanitize fields only on the frontend, or forget to do it at all, and end up with a site vulnerable to XSS. Add server-side validation on input fields to ensure safety, along with measures that prevent a script from running on the frontend of the application.
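The stored XSS flow described above, as an added example (not code from the original post): the server validates the field, then the same stored payload is rendered once by raw concatenation and once with HTML encoding at output. The names `savePost`, `escapeHtml`, `renderUnsafe`, `renderSafe` and the 280-character limit are assumptions made for illustration.

```javascript
// Added example: the page's payload stored and rendered, vulnerable vs hardened.
// All names and the length limit are hypothetical, chosen for this sketch.

const posts = [];    // stands in for the database
const MAX_LEN = 280; // assumed limit for this input field

// Server-side validation: runs on the server, so skipping or editing
// the frontend checks does not bypass it.
function savePost(body) {
  if (typeof body !== "string") throw new TypeError("body must be a string");
  const trimmed = body.trim();
  if (trimmed.length === 0 || trimmed.length > MAX_LEN) {
    throw new RangeError("body length out of range");
  }
  posts.push(trimmed);
  return posts.length - 1; // id of the stored post
}

// Encode the characters that are significant in HTML text and quoted attributes.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: stored text is concatenated into the markup as-is,
// so a saved <script> tag reaches the next visitor's browser intact.
function renderUnsafe(id) {
  return `<div class="post">${posts[id]}</div>`;
}

// Hardened: stored text is encoded at output, so the browser shows
// the tag as text instead of executing it.
function renderSafe(id) {
  return `<div class="post">${escapeHtml(posts[id])}</div>`;
}

// Constructed sample input: the script tag from the section above.
const id = savePost('<script> alert("Malicious code placed here")</script>');
console.log("unsafe:", renderUnsafe(id));
console.log("safe:  ", renderSafe(id));
```

The payload passes the type and length checks because it is a valid string of acceptable size; in this sketch it is the encoding step in `renderSafe` that stops the script from running on the frontend.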


You can learn about more ways to prevent XSS here


2 comments


SOPHIA SCOTT
Feb 25, 2021

Your blogs are truly inspirational. They provide us insight into the coding world in which not many people can go. Your blogs are the only thing left that can help people who can't code on their own. The way you describe every single step so carefully is amazing. You can tell you really love what you're blogging about. Thank you for taking time out of your day to help people. You and your blogs are out of this world. Thank you for helping people prevent XSS. You are truly a lifesaver. I hope everyone can get a chance to read your blog for it has truly opened up a new possibility for me.


Rebecca Rudquist
Feb 25, 2021

You show off your expertise and help your readers out--nice! I like the way you organize your ideas through largely-bolded headings.
