From the course: PHP: Creating Secure Websites

Cross-site scripting (XSS)

- [Instructor] In this chapter, we will discuss defenses against the most common attacks on web applications. We will review each attack briefly, but we're going to focus primarily on solutions. We'll begin by looking at cross-site scripting, or XSS for short. Cross-site scripting is when a hacker is able to inject arbitrary JavaScript code into someone else's webpage. It's used to trick users of that webpage into running that JavaScript code. It can even be used to steal cookies from their browser. An example of a cross-site scripting attack would be getting a user to click a malicious link which includes a URL parameter containing JavaScript. When the page loads, if the parameter is included in the HTML, it will include the JavaScript and the code will execute. This example just pops up a harmless alert box that says, "Gotcha!" but it could be any JavaScript. It could access the browser's cookie data or send data to…
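The reflected-parameter case described in the transcript, as an added example that is not part of the course material. The `name` parameter and the function names are assumptions, and output encoding with `htmlspecialchars` is shown as one standard defense, not as the course's own solution.

```php
<?php
declare(strict_types=1);

// Added example: a URL parameter reflected into HTML, first as-is, then encoded.
// The parameter name "name" and all function names here are hypothetical.

/** Vulnerable: the parameter is concatenated into the markup unchanged. */
function render_vulnerable(array $query): string
{
    $name = $query['name'] ?? 'guest';
    return '<p>Hello, ' . $name . '</p>';
}

/** Encode a value for HTML text or a quoted attribute value. */
function h(string $value): string
{
    // ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened: the same page with the parameter encoded at the point of output. */
function render_escaped(array $query): string
{
    $name = $query['name'] ?? 'guest';
    if (!is_string($name)) {
        // A query string such as ?name[]=x arrives as an array, not a string.
        $name = 'guest';
    }
    // The value is encoded in both places it is written: attribute and text.
    return '<p title="' . h($name) . '">Hello, ' . h($name) . '</p>';
}

// Constructed sample input standing in for $_GET on a real request.
$query = ['name' => '<script>alert("Gotcha!")</script>'];

echo render_vulnerable($query), PHP_EOL; // markup a browser would run as script
echo render_escaped($query), PHP_EOL;    // same input, rendered as inert text
```

Run it with the PHP command-line interpreter and compare the two output lines: the first still contains a literal `<script>` element, the second contains only entity-encoded text.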
