🍋
peasy / safe
Menu
Alle Tools Anleitungen 33 Glossar 45 Dateiformate 131 Anwendungsfaelle 302 API

Categories

P pdf I image D document T text D developer C css D design V video A audio Q qr S seo S security S social M math G generator
🍋 peasytools.com
Security

XSS

Cross-Site Scripting

An attack injecting malicious scripts into web pages viewed by other users, stealing data or session tokens.

Technisches Detail

XSS attacks exploit the browser's trust in page content. Stored XSS persists in the database (most dangerous). Reflected XSS appears in URL parameters. DOM-based XSS occurs entirely in client-side JavaScript. Defenses: output encoding (HTML entities, JavaScript escaping), Content Security Policy (CSP) headers, HttpOnly cookies (preventing JavaScript access), and framework auto-escaping (React, Django, Angular). The primary rule: never insert untrusted data into HTML without context-appropriate escaping.

Beispiel

```javascript
// XSS — Web Crypto API example
const data = new TextEncoder().encode('sensitive data');
const hash = await crypto.subtle.digest('SHA-256', data);
const hex = Array.from(new Uint8Array(hash))
  .map(b => b.toString(16).padStart(2, '0')).join('');
```

Verwandte Formate

.pages

Verwandte Tools

P Password Generator P Password Strength Checker H Hash Generator H HMAC Generator A AES Encrypt / Decrypt R Random String Generator C CSP Header Generator T Text Redactor C CORS Header Generator S SRI Hash Generator B Base64 Encoder / Decoder J JWT Decoder U UUID Generator T TOTP Configurator S SSL Certificate Decoder

Verwandte Begriffe

AES Checksum Command Injection Certificate Pinning Argon2 CORS Misconfiguration 2FA Clickjacking