Cross-Site Scripting Explained with Examples and How to Prevent XSS with Content Security Policy

Love your spirit man. You keep regularly updating your videos. Great job.

galfrasian

Great video Hussein. I’ve heard of XSS but never had them explained so clearly. Would love to see more security related videos if the inspiration hits you! This has become my favourite back end channel - thanks for your effort making these.

asderex

:D Your is just perfect. Thank you that i found you.

NishaJakhar

Another Hussein Nasser video woohoooo!

Would be really awesome if you could make a video purely about CSP. How to set it up and what the best practices are :)

jakealert

FYI - its a "reflected" since your code is "reflecting" the search item on the return results page @2:24, thus executing the script.

HayBeseret

Thanks man! You've been shooting out amazing content lately like multiple times a week! Keep up the good work

dean

Hello Hussein after going through video, I realised that it was you . I have watched most of your content on the design

ganeshk

Mahn! Incredibly fun to watch! Love your content bro

tech

Love your style of teaching, man, you are awesome.

potaraju

This is cool man.I was on facebook console doing all things and kept getting this CSP thing, glad you cleared it up.Need to see how to implement it in nginx when delivering static website

sariksiddiqui

Wow!!
Very informative. I lean new things again in less time.... It will help me a lot to prevent outside to come in to my server scripts.

virendrabhati

this is so easily digestable! thank you

urmur

Thank you very much and keep doing your job :)

Wojmasz

Glad to see you actively adding more videos. Trying to watch as many as possible. Can we expect a video on tools like Prometheus and Grafana by any chance?

rahul.r

This was incredibly helpful thank you! How does this work with the HTML tag "meta content="default-src 'self'"? Does this tag mean I don't have to include all the lines of JS shown in your video?

taytot

Thank you Naseer ! This is very helpful

subhajitshome

4:55 In general stored xss is more dangerous than reflected one. First - there are no user action required to run a stored xss (when a reflected xss needs a link) and second - any stored xss can also be used as a reflected xss. I mean, I can make some xss on a page no one goes to, so stored xss is not so dangerous there, but I still can make a link to that page, like with reflected xss.

But, what I was thinking about, is that stored xss is more dangerous on public pages but on private pages reflected xss is more dangerous .
This is because stored xss on private pages in most cases is like self xss - you make that xss, and you can "hack" yourself, but with reflected xss on private pages you can send a link to, for example, profile settings, and it would be quite regular reflected xss.
p.s. of course there's always an ability that admins can go to private pages, so, any stored/reflected xss is bad and no matter where it appeared.

dmitry.gashko

This is $$ Gold $$. Thank you so much. You earned a subscriber!

harshpatel

I just subscribed. You are awesome bro. Thank you loads.

paschalokafor

thanks for the nice explaining it was very enjoyable.

danielrocha