😄Welcome
Local Setup
Rust
- 🦀Cargo
Java
Go
- 🔹Go Routine and Channel
- 🔹Go CLI
Ruby and Rails
Fundamental
Database
- 🗃️What is Transaction ?
- 🗃️ACID
Postgres
Elastic Search
- 🔍What is Elastic Search ?
- 🔍Node and Cluster
Kubernetes
- ☸️What is Kubernetes ?
- ☸️Kubernetes Architecture
☸️Pod
☸️ReplicaSet
☸️Deployment
☸️Service
☸️Config Map
☸️Namespaces
☸️Kube Apply Command
☸️Scheduling
☸️Monitoring
AWS
Backend Security
Medium
Book
- 📚System Design Interview - An Insider's Guide (Volume 1

Powered by GitBook

On this page

Backend Security

🎩Cross site script (XSS)

PreviousSQL Injection NextCross site request forgery (CSRF)

Last updated 1 month ago

This is the way that hacker can pass the script like Javascript into our system or database.

Example

We have a database that store comments in plain text without validation input
Hacker send the script as a text for input then we store it in DB
After client open the website to view the comment then the script will be run.

How to Protect

Input validation to protect script
Encode data before render html -> Modern framework already handle it such as React it will escapes special characters by default.
Add header Content Security Policy(CSP)-> to determine with kind of JS script can run

Drawing