DEV Community

Discussion on: Auth in Web - Cookies Vs Storage

Faizan (mdfaizan7)

This is very insightful! But doesn't setting the httpOnly and secure flags on cookies prevent XSS attacks?

Kannan (kannndev)

@mdfaizan7 Please find the answer below.

Kannan (kannndev) • Edited

@faizan The secure flag will make the browser set the cookie only for https. httpOnly will make sure that the cookie is not accessible from JavaScript, where it is usually accessed via document.cookie. But an XSS attack basically means the attacker tries to inject a malicious script into your browser.

Let's say in a dev.to blog post I was able to inject this:

```html
<script>
  // injected script: runs on the site's origin, so the browser attaches the
  // session cookie to this request automatically, httpOnly or not
  fetch('account/delete', { method: 'DELETE' });
</script>
```

Whenever my blog is opened, the user's account will be deleted.

In this case, even if it is secure and httpOnly, it's of no use, right?
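The point made in this comment, as an added example that is not part of the original thread: cookie flags do nothing against a script that already runs on the site's origin, because the browser attaches the session cookie to its same-origin requests on its own; what stops the injection is escaping user content before it is placed into the page (the "sanitization" the thread refers to). The function names and the sample payload below are assumptions, modelled on the snippet above.

```javascript
// Added example (not from the original thread). Shows why cookie flags do not
// stop XSS and why output escaping does. Function names are assumptions.

// Map each HTML-significant character to its entity so that user-supplied text
// can never open a tag or break out of an attribute value.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the comment body is concatenated into the page as markup, so
// anything inside it (including <script>) becomes part of the DOM.
function renderCommentUnsafe(body) {
  return `<div class="comment">${body}</div>`;
}

// Hardened: the same body is escaped first, so the browser renders the
// characters as text instead of parsing them as tags.
function renderCommentSafe(body) {
  return `<div class="comment">${escapeHtml(body)}</div>`;
}

// Constructed sample payload, modelled on the one in the thread above.
const SAMPLE_PAYLOAD =
  "<script>fetch('/account/delete', { method: 'DELETE' });</script>";

// Detection helper: does the rendered markup still contain a live script tag?
// Cookie flags are irrelevant to this outcome; a script that reaches the DOM
// runs with the user's session, and httpOnly only hides document.cookie from it.
function scriptSurvives(html) {
  return /<script\b/i.test(html);
}

console.log(scriptSurvives(renderCommentUnsafe(SAMPLE_PAYLOAD))); // true
console.log(scriptSurvives(renderCommentSafe(SAMPLE_PAYLOAD)));   // false
```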

Faizan Akram Dar (faizan)

Hey, sorry that's not me :P

I mean you mentioned me.

You're right though, hence sanitization 🙂

Kannan (kannndev)

Oops! Sorry about that.