Rafal Hofman

Posted on • Originally published at brightinventions.pl


XSS - are you sure you are protected?

As a developer, you have probably heard what XSS is and that you defend against it by escaping user input. You might also have heard that modern frontend frameworks like React or Angular are XSS safe (because they escape output by default). Still, there are some XSS caveats worth remembering:

Imagine you have a form where the user enters the address of their own page (a personal site, Facebook, Instagram, etc.). You might render it with HTML like:

<a href="https://brightinventions.pl/">User page</a>

When user input is later placed in an href attribute (or in any other attribute that opens a link on click), it is important to validate the protocol of the URL. Escaping does not help here, because the value is a well-formed URL and not markup: the user can simply submit a URL with the javascript: protocol as "their page", and anyone who clicks the link executes the attacker's script in the context of your site.

<a href="javascript:alert('XSS!');">User page</a>

To conclude: to defend against XSS, besides escaping user input, validate the protocol of any user-supplied URL, preferably by allowing only the protocols you expect (such as http and https) rather than blocking known bad ones. Let me know if you have any other interesting thoughts when it comes to XSS!
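The check described above, as an added example that is not code from the original post: it parses the user-supplied link with the WHATWG URL constructor (which normalises the value the same way a browser does) and allows only http and https. The site origin `https://example.invalid`, the helper names and the sample inputs are assumptions made for the example.

```javascript
// Added example (not from the original post): allowlisting the protocol of a
// user-supplied link before it goes into an href attribute.
// Browsers are lenient when they parse href values: leading whitespace is
// ignored, the scheme is matched case-insensitively and embedded tab/newline
// characters are removed, so a naive startsWith('javascript:') check is not
// enough. The WHATWG URL constructor applies the same normalisation, so the
// check is made on the parsed protocol instead of the raw string.

const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns the normalised absolute URL when it is safe to link to, or null
// when the input must be rejected. `baseOrigin` is an assumed site origin,
// used only to resolve relative links such as "/profile/123".
function safeHref(userInput, baseOrigin = 'https://example.invalid') {
  if (typeof userInput !== 'string') return null;
  let url;
  try {
    url = new URL(userInput, baseOrigin);
  } catch {
    return null; // unparsable input is rejected rather than "fixed up"
  }
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : null;
}

// Escapes text for both element content and double-quoted attribute values.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Renders the "User page" link: escaping alone would still let a
// javascript: URL through, so the protocol check happens first and a
// rejected link is rendered as plain text instead of an anchor.
function renderUserLink(userInput, label = 'User page') {
  const href = safeHref(userInput);
  if (href === null) return `<span>${escapeHtml(label)}</span>`;
  return `<a href="${escapeHtml(href)}">${escapeHtml(label)}</a>`;
}

// Constructed sample inputs a user might submit as "their page".
const SAMPLES = [
  'https://brightinventions.pl/',
  "javascript:alert('XSS!');",
  "JavaScript:alert('XSS!');",   // scheme is case-insensitive
  ' \tjava\nscript:alert(1)',    // whitespace and embedded tab/newline
  'data:text/html,<script>alert(1)</script>',
  '/profile/123',                // relative link, resolved against the site
];
for (const s of SAMPLES) console.log(JSON.stringify(s), '->', renderUserLink(s));
```

Only the first and last samples produce an anchor; the javascript: variants and the data: URL are rendered as plain text.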
