xss-test

index.html is from Dr. Stewart's fesec. This code is based off of OWASP's DOM Based XSS example.

xss attacks

• User enters the following into the username <input>:

  <script>alert("name-input")</script>
  

• Use language query URL:

  http://127.0.0.1:3000/index.html#default=<script>alert("language")</script>
  

• Use name parameter URL:

  http://127.0.0.1:3000/index.html?name=?<script>alert("name-url")</script>
  

References

• Stanford CS 253 Web Security

  • Course Homepage
  • Assignment 2

• auth0 - Defending against XSS with CSP