How To Prevent The Most Common Cross Site Scripting Attack

Cross-site scripting (XSS) is one of the most common ways an attacker will attempt to compromise a website. It comes in many forms, but the most common cause is passing user input to the JavaScript innerHTML property. Any user input must be escaped before it is used with innerHTML, and every use of innerHTML should be thought through carefully to ensure no user input reaches it without being sanitized. It is an easy mistake to make, but luckily the fix is just as easy.
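An added example, not code from the video or its CodePen, showing the vulnerable innerHTML pattern beside an escaped version and the textContent alternative. It goes slightly beyond the description by also escaping ampersands and both quote characters, which matter when the text lands inside an attribute. The element id "greeting" and the "name" query parameter are assumptions for illustration.

```javascript
// Added example (not from the video or its CodePen). The element id "greeting"
// and the "name" query parameter are assumptions for illustration.

// Characters that let untrusted text break out of HTML text or attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// One regex pass replaces each special character exactly once, so '&' is never
// double-encoded and '<' / '>' can no longer open or close a tag.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The vulnerable pattern from the video: untrusted input dropped straight into markup.
function unsafeGreeting(name) {
  return `<h1>Hello, ${name}</h1>`;
}

// Hardened version: identical markup, but the untrusted part is escaped first,
// so the browser renders the payload as visible text instead of parsing it.
function safeGreeting(name) {
  return `<h1>Hello, ${escapeHtml(name)}</h1>`;
}

// When no markup is needed at all, avoid innerHTML entirely: textContent
// assigns a string without ever invoking the HTML parser.
function renderName(element, name) {
  element.textContent = name;
  return element;
}

// Read the "name" query parameter, the URL-driven input the video demonstrates.
function nameFromUrl(url) {
  return new URL(url).searchParams.get('name') ?? 'stranger';
}

// Constructed sample payload, the same shape as the one quoted in the comments.
const SAMPLE_PAYLOAD = '<img src onerror="alert(\'hi\')">';
const SAMPLE_URL = 'https://example.test/greet?name=' + encodeURIComponent(SAMPLE_PAYLOAD);

// Browser-only wiring; skipped when run under Node.
if (typeof document !== 'undefined') {
  document.getElementById('greeting').innerHTML = safeGreeting(nameFromUrl(location.href));
}
```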

Cross Site Scripting Article:

CodePen For This Video:

Twitter:

GitHub:

CodePen:

#XSS #WebDevelopment #Programming
Comments

Great stuff. Hello from The Odin Project!

FairyRat

bro recently I was just using a normal stranger chat page in google and a person did this like showing big running characters and all....and he told he is doing html what should i do???? should he have harmed me????say bro....suddenly my replies went also changed in that site..i then disconnected and me bro..how to check that I'm secure

akhilpadmanaban

Explanation for people in a hurry. Clear, objective, and exemplified. You've got another subscriber.

luizgustavoveneziani

I don't know what's more amazing... that website.. or that hair...

AmmarRai

Good explanation. But if one does not put queries in the url then stuff like this doesn't matter, so one could still safely use innerHTML.
Generally the client is never safe, because all client code is accessible through dev tools in the browser.

So a strong backend protection and safe routing is all it takes to prevent stuff like this.

dimarak

hi there, coming from the odin project

poudlardo

Umm why didn't you show us how to fix the problem right at the end?? Kinda weird that you stopped on the most important part lol

emonymph

Simple and clear explanation! Thank you!

JosephKhalilov

This is genuinely terrifying...thank you for covering this topic and informing those of us who don't have that in depth knowledge about such security topics..

leo

"><script>alert("Channel Hacked!!!")</script>

hariprasath

Thank you, the first 3 minutes perfectly summarized all my questions

codinginflow

<img src onerror="alert('hi')">

thecodersbay

If you want to use innerHTML, then just encode it before putting it inside innerHTML.

To encode, just replace '<' by '&lt;' and '>' by '&gt;'.

So when it goes in the innerHTML, the browser changes them back to '<' and '>'.

natarajanmuthuraman

Clear and concise explanation of how this can be dangerous. I've been looking around for a while now because I couldn't understand the risk associated, but you did a great job doing it, thanks!

leblanc

Odin project keeps sending me to this golden channel.

anvayjain

All those who dislike and hate this video are definitely hackers...thanks for the explanation Kyle

viallymboma

I've seen a bunch of people talk about xss before but you've got a real knack for explaining it simply. Would be great to see more security videos from you!

morgengabe

Discord had to patch this thing just a week ago, I mean c'mon how has nobody considered it?

danser_theplayer

My pc just got hacked where I accidentally put a script in my URL and some guy almost got my pc but I emailed my local police and they got him

travisblogstravis

Problem is that also innerText is not a safe method, textContent is a better idea

maciejleszek