37e9359c9e
- Output messages more clear - Replace success to failure (otherwise lesson is marked complete immediately) - Fix the layout of the lesson (remove whitespace update buttons)
8 lines
583 B
Plaintext
8 lines
583 B
Plaintext
== Try It! Reflected XSS
|
|
|
|
The goal of the assignment is to identify which field is susceptible to XSS.
|
|
|
|
It is always a good practice to validate all input on the server-side. XSS can occur when unvalidated user input gets used in an HTTP response.
|
|
In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it.
|
|
|
|
An easy way to find out if a field is vulnerable to an XSS attack is to use the `alert()` or `console.log()` methods. Use one of them to find out which field is vulnerable. |