XSS Explained with React and Vanilla JS Examples | Cross Site Scripting | dangerouslySetInnerHTML

Показать описание

In this video, I talk about the basics of Cross Site Scripting (XSS), how to exploit it and how to prevent it.

00:00 Welcome
00:22 What is XSS?
01:04 First Look at XSS
01:38 Why this is BAD
02:53 Reflected XSS
03:13 Stored XSS
03:54 Real World XSS
05:05 Twitter XSS Explained
05:34 Blind XSS
06:12 Vulnerable Code with innerHTML
07:51 Safe Code with textContent
08:58 Sanitizing HTML with a custom function
11:50 Safe Code with DOMPurify
14:09 Never Trust User Provided Input
15:16 Preventing XSS Summary
16:24 Fixing Attribute Injection
18:04 This scares me
18:33 XSS in React
19:41 dangerouslySetInnerHTML in React
21:00 Trust no one
21:44 DOMPurify with React
23:04 XSS Brain Implant
23:52 XSS for Backend Devs
24:36 Scanners and Static Code Analysis
25:00 Conclusion / Summary

Рекомендации по теме

Комментарии

Wow this is good. Good demonstration with many examples. Please continue this series.

I would like to make a request. CSRF please in this series. With nextjs and normal nodejs react.

Thank you for this

jitxhere

Wow Great Video.. Very well explained. Thank you buddy

Pankaj-qbhy

@6:25 I don't see any victim here. Or rather let me say the victim is also the attacker.
I entered a malicious script into my own browser and then claim to be a victim.
This is limited to me and me alone on my site not on anybody else's browser or site.
I don't even get why this called cross site. It's happening in same site.
Or am I missing something here?

LekkyDev

Sorry to ask this on a video that might be unrelated. But I saw you had some videos on coding overlays for Twitch, and I wanted to know if you have any videos that may help me.

I want to code a png character that talks with a text box on the side of the screen. Ideally, if I can get it so that the text appears like what you would see if you were interacting with a game character. The idea is supposed to be like a pngtuber, but instead of voice activated, I could type put what I want to say, and the text would appear next to the character as if it were speaking.

I'm not sure where to begin to get something like this working or if you have any videos relating to something like this. Hopefully, it's not a bother to ask, and thank you if you are able to help.

CATtheDrawer

XSS Explained with React and Vanilla JS Examples | Cross Site Scripting | dangerouslySetInnerHTML

XSS Explained with React and Vanilla JS Examples | Cross Site Scripting | dangerouslySetInnerHTML

Preventing XSS Attacks in React

Cross-Site Scripting (XSS) Explained And Demonstrated By A Pro Hacker!

How To Prevent The Most Common Cross Site Scripting Attack

Cross-Site Scripting (XSS) Explained! // How to Bug Bounty

XSS Attack on React.js? How to sanitize it

In the Danger Zone: XSS & React | Syneva Runyan

Cross Site Scripting (XSS) Explained with JavaScript

XSS Attacks in React (159)

Content Security Policy explained | how to protect against Cross Site Scripting (XSS)

React XSS Attack Prevention in 1 Minutes

Prevent Cross Site Scripting with DOMPurify

Source maps in React?! Solution to January '22 XSS Challenge

Avoiding XSS with HTML Content in React Applications

React Uygulamalarında XSS Güvenlik Zafiyeti ve Önlemi

The Last XSS Defense Talk - Jim Manico - NDC Porto 2022

What is DangerouslySetInnerHTML in React JS ? Prevent Common XSS (Cross Side Scripting) Attacks

Prevent XSS Browser Attract in your Projects (Reactjs, PHP, javascript,Hacker,StackOverflow)

Running a XSS Attack + How to defend

How to Find XSS on Modern Web Applications: A Bug Bounty Guide

JavaScript Security Vulnerabilities Tutorial – With Code Examples

Blind Cross Site Scripting(XSS)

The Dangers of Cross-Site Scripting (XSS) and How to Prevent It

Gaurav Narwani Explains Cross-Site Scripting | XSS Testing | JavaScript Injection | Worqference