From the course: Web Security: Same-Origin Policies
Cross-site scripting attacks - JavaScript Tutorial
Cross-site scripting attacks
- Hackers are continually identifying and exploiting imperfections in the security model, and browser makers are constantly testing and hardening their code to seal up these gaps. One of the primary threats is a cross-site scripting, or XSS, attack. By default, the same-origin policy for scripts dictates that the browser trusts every script request that comes from a webpage. This enables me to write code that requests scripts from my own domain, as well as requesting scripts for common libraries, frameworks, and other assets from content delivery networks at different domains. This includes scripts other than those coded into the HTML document. With default settings, any DOM manipulation method can add a script element requesting a resource from any domain. As a developer, it's more common to simply add script elements in the HTML document from the start, although in some situations it makes sense to add script elements later on for performance reasons. But any script from another origin…
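The default behaviour described above can be audited from the defender's side. The following is an added example, not code from the course: it classifies each script URL by origin relative to the page and, in a browser, reports script elements added later through DOM manipulation. The allowlist, the page URL and the sample URLs are constructed assumptions.

```javascript
// Added example. ALLOWED_ORIGINS and SAMPLE_SRCS are constructed for illustration.
const ALLOWED_ORIGINS = new Set(["https://cdn.example.net"]);
const SAMPLE_SRCS = [
  "/js/app.js",                          // relative: same origin as the page
  "https://cdn.example.net/lib.min.js",  // allowlisted CDN
  "//unknown.example/widget.js",         // protocol-relative, other host
  "http://shop.example/js/app.js",       // same host, different scheme
];

// Resolve src against the page URL and decide whether its origin is expected.
// An origin is scheme + host + port, so http:// and https:// differ.
function classifyScriptSrc(src, pageUrl, allowed = ALLOWED_ORIGINS) {
  let url;
  try {
    url = new URL(src, pageUrl); // handles relative and protocol-relative forms
  } catch {
    return { src, origin: null, verdict: "invalid" };
  }
  const pageOrigin = new URL(pageUrl).origin;
  if (url.origin === pageOrigin) return { src, origin: url.origin, verdict: "same-origin" };
  if (allowed.has(url.origin)) return { src, origin: url.origin, verdict: "allowed" };
  return { src, origin: url.origin, verdict: "unexpected" };
}

// Return only the entries a reviewer should look at.
function auditScripts(srcs, pageUrl, allowed = ALLOWED_ORIGINS) {
  return srcs
    .map((s) => classifyScriptSrc(s, pageUrl, allowed))
    .filter((r) => r.verdict === "unexpected" || r.verdict === "invalid");
}

// Browser only: report script elements inserted after load. This checks the
// directly added nodes, not scripts nested inside a larger inserted subtree.
function watchAddedScripts(report) {
  const observer = new MutationObserver((mutations) => {
    for (const m of mutations) {
      for (const node of m.addedNodes) {
        if (node.nodeName !== "SCRIPT" || !node.src) continue;
        const r = classifyScriptSrc(node.src, location.href);
        if (r.verdict === "unexpected" || r.verdict === "invalid") report(r);
      }
    }
  });
  observer.observe(document.documentElement, { childList: true, subtree: true });
  return observer;
}
```

The observer only reports what was added; it does not stop the script from loading. Enforcing an allowlist in the browser is the job of the `script-src` directive of a Content-Security-Policy header.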