Cross-Site Scripting Attacks

Serverless Single Page Apps — by Ben Rady (51 / 67)

👈 Query Injection Attacks | TOC | Cross-Site Request Forgery 👉

A cross-site scripting (XSS) attack involves including <script> tags or other HTML markup in content that is appended directly to HTML elements in a page. This causes the markup to be evaluated, and in the case of <script> tags, this means that the JavaScript inside the tags will be evaluated. Since single page apps make heavy use of dynamic HTML, we need to be concerned about this kind of attack.