October 14, 2016
Cross-site scripting is the number one vulnerability on the web today. If you are writing any kind of web software, and you don’t know about this, you should know this! And if you are the kind of person who likes to play about with websites, and break them, in a definitely legal manner, you should know this.
To explain it, we have to go back to the early days of the internet. We have to go back to Tim Berners-Lee sitting at CERN, making up how the web will work. The web is based on something called HTML, HyperText Markup Language. Most people who are reading this, I think, will know how this works, but just very quickly, it means that you have tags.
An HTML document starts with angle brackets like this and closes with angle brackets like this. Anything between angle brackets is read as an instruction.
So if I wanna put some text in bold, I put a tag and a close tag, and I put some text in the middle, and that becomes bold. Those angle brackets, wherever they are in the document, mean “an instruction is coming here.”
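Because angle brackets mean "an instruction is coming" wherever they appear, text supplied by a visitor has to have them converted to entities before it is placed in a page. The following is an added example, not part of the original page; `escapeHtml`, `renderComment` and `tagsSeen` are hypothetical helper names, the comment string is constructed, and `tagsSeen` is only a rough stand-in for a browser's parser.

```javascript
// Characters an HTML parser treats as markup, and the entities that display them as text.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Replace every markup-significant character in one pass (no double escaping).
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical page template: places a visitor's comment inside a paragraph.
function renderComment(comment, { escape }) {
  const body = escape ? escapeHtml(comment) : comment;
  return `<p class="comment">${body}</p>`;
}

// Rough stand-in for the browser: list the tag names it would read as instructions.
function tagsSeen(html) {
  const tagPattern = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/g;
  return [...html.matchAll(tagPattern)].map((m) => m[1].toLowerCase());
}

// Constructed sample input: a comment that happens to contain the bold tag.
const comment = 'I <b>really</b> like "angle brackets" & tags';

const raw = renderComment(comment, { escape: false });
const safe = renderComment(comment, { escape: true });

// Unescaped: the visitor's <b> becomes part of the page's own markup.
console.log(raw, tagsSeen(raw));
// Escaped: only the template's own <p> tags remain; the comment is shown as typed.
console.log(safe, tagsSeen(safe));
```

In the browser DOM, assigning the comment to `textContent` instead of building an HTML string achieves the same result without manual escaping.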