From the course: PHP: Creating Secure Websites
Unlock the full course today
Join today to access over 22,400 courses taught by industry experts or purchase this course individually.
Cross-site scripting (XSS) - PHP Tutorial
From the course: PHP: Creating Secure Websites
Cross-site scripting (XSS)
- [Instructor] In this chapter, we will discuss defenses against the most common attacks on web applications. We will review each attack briefly, but we're going to focus primarily on solutions. We'll begin by looking at cross-site scripting, or XSS for short. Cross-site scripting is when a hacker is able to inject arbitrary JavaScript code into someone else's webpage. It's used to trick users of that webpage into running that JavaScript code. It can even be used to steal cookies from their browser. An example of a cross-site scripting attack would be getting a user to click a malicious link which includes a URL parameter containing JavaScript. When the page loads, if the parameter is included in the HTML, it will include the JavaScript and the code will execute. This example just pops up a harmless alert box that says, "Gotcha!" but it could be any JavaScript. It could access the browser's cookie data or send data to…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.