XSS Is Still Tricky

This works in Safari, Firefox, Chrome, and Opera:

<!DOCTYPE html>
<head>
<title>Oh no!</title>
<script type="text/javascript">
    var xss = "</script><script>alert('XSS');</script>";
</script>
</head>
<body>
<p>And you thought parsers were smart.</p>
</body>
</html>
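
Why the snippet above fires, and one way to embed the same string safely, as an added example that is not from the original article. The function names are hypothetical, and the tokenizer model is simplified (it ignores the `<!--` escaped script states).

```javascript
// Simplified model of the HTML tokenizer's rule for script data: the element
// ends at the first "</script" followed by whitespace, "/" or ">", whether or
// not the JavaScript parser would treat that text as part of a string.
function scriptBodySeenByHtmlParser(html) {
  const open = html.match(/<script\b[^>]*>/i);
  if (!open) return null;
  const rest = html.slice(open.index + open[0].length);
  const close = rest.search(/<\/script[\s\/>]/i);
  return close === -1 ? rest : rest.slice(0, close);
}

// Naive embedding: JSON.stringify yields a valid JS string literal but
// leaves "<" untouched, so "</script>" in the data still closes the element.
function embedNaive(value) {
  return "<script>var xss = " + JSON.stringify(value) + ";</script>";
}

// Hardened embedding: additionally rewrite "<", ">", "&" and the line
// separators U+2028/U+2029 (rejected inside string literals by older
// JavaScript engines) as \uXXXX escapes. The JS value is unchanged, but the
// HTML parser never sees a tag-like sequence inside the script body.
function embedSafe(value) {
  const literal = JSON.stringify(value).replace(
    /[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
  return "<script>var xss = " + literal + ";</script>";
}

// The string from the article's snippet.
const payload = "</script><script>alert('XSS');</script>";

// Naive: the script body is cut off at the opening quote, and the rest of
// the data is parsed as markup.
console.log(JSON.stringify(scriptBodySeenByHtmlParser(embedNaive(payload))));

// Safe: the whole assignment stays inside one script element.
console.log(scriptBodySeenByHtmlParser(embedSafe(payload)));
```
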





Published at DZone with permission of Chris Shiflett, DZone MVB. See the original article here.
