XSS, short for Cross-Site Scripting, is a common security flaw. To understand XSS better, we need to learn some basics of front-end development.
One of the most popular tools for using the internet today is the browser. With a browser we can do things like reading news, buying items and searching for flights. Although it brings convenience to our lives, skilled bad actors on the internet pose risks to you.
Browsers run JavaScript, a high-level programming language executed by the browser to control the web page. Adding items to a shopping cart, jumping to the payment page and so on are all handled by JavaScript, which receives input from the user to complete these processes. Just imagine: what if user input became part of the JavaScript code or the web page, carrying a malicious injection? Terrible, right? That is what XSS is.
The following segment of JavaScript code, which receives user input and makes it part of the web page, is extremely dangerous. In this case a user can inject harmful content that affects the website. Assuming that <img src=1 onClick='alert(hack success)'>
is the injected content, JavaScript will add an img element bound to an onClick event, which is displayed as an image on the page. If another user clicks the image, the JavaScript code in the onClick event will be executed.
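The injection described above, as an added example that is not code from the original post: a vulnerable helper that concatenates user input into markup destined for innerHTML, beside an escaping helper and a textContent-based renderer. The function names, the sample comment and the tag counter are assumptions made for this example.

```javascript
// Added example (not from the original post). Models the innerHTML sink described above.
// Constructed sample input, shaped like the injected content in the text.
const INJECTED = "<img src=1 onClick='alert(hack success)'>";

// Vulnerable: user-controlled text is spliced straight into markup.
// In a browser this string would typically end up in `el.innerHTML = ...`,
// so the injected <img> becomes a real element with a live onClick handler.
function buildCommentHtmlUnsafe(username, comment) {
  return `<div class="comment"><b>${username}</b>: ${comment}</div>`;
}

// Hardened: encode the five characters that let text break out of an HTML text node.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function buildCommentHtmlSafe(username, comment) {
  return `<div class="comment"><b>${escapeHtml(username)}</b>: ${escapeHtml(comment)}</div>`;
}

// Preferred in the browser: never build markup from input at all.
// textContent stores the string as text; the parser is never invoked on it.
function renderCommentSafe(container, username, comment) {
  const div = document.createElement("div");
  div.className = "comment";
  const b = document.createElement("b");
  b.textContent = username;
  div.appendChild(b);
  div.appendChild(document.createTextNode(`: ${comment}`));
  container.appendChild(div);
}

// Defender's check: count opening tags in the produced markup. A comment
// widget should only ever emit the tags its template contains (here: div, b).
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}
```

The unsafe builder yields three opening tags for the injected comment (the author's div and b plus the attacker's img); the escaped builder yields only the template's two, which is the property a rendering layer should be tested for.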
The essence of XSS is that user input flows into a risky method such as innerHTML and is treated as part of the JavaScript code or of the web page, so that malicious operations can be performed on the website. XSS is classified into various types based on the injection approach. An article that tries to cover everything at once becomes confusing, so next time we will look at Stored XSS and Reflected XSS in an accessible way.