Lesson 8: DOM-Based XSS
Aayush-C
A DOM-based XSS attack works when your website uses URI fragments (the # character in the URL and the content after it) to save where the user was last time, and the hacker uses that to inject his script, which downloads the user's cookie whenever the user visits the URL again. Today we learned how we can use DOM-based XSS to our advantage, protect against it, and test ourselves to check our knowledge of it.
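The fragment handling described above, as an added example that is not part of the original lesson: a page that restores the user's last position from the URI fragment, with the unsafe pattern shown as a comment beside a hardened version. The section names and the functions `sectionFromFragment` and `restorePosition` are hypothetical, and the inputs are constructed.

```javascript
// Added example; every name here is hypothetical, not from the lesson.
// Sections the page itself defines; anything else in the fragment is rejected.
const KNOWN_SECTIONS = new Set(["intro", "lesson-8", "quiz"]);
const DEFAULT_SECTION = "intro";

// Unsafe pattern, shown for contrast only (never executed here):
//   banner.innerHTML = "Welcome back to " + decodeURIComponent(location.hash.slice(1));
// The fragment arrives inside a link, so its sender controls it, and innerHTML
// parses it as markup in the page's own origin.

// Turn a raw fragment (e.g. location.hash) into a section id the page knows.
function sectionFromFragment(hash) {
  if (typeof hash !== "string" || !hash.startsWith("#")) return DEFAULT_SECTION;
  let value;
  try {
    value = decodeURIComponent(hash.slice(1));
  } catch (e) {
    return DEFAULT_SECTION; // malformed percent-encoding
  }
  // Allow-list check: the fragment selects a section, it never supplies content.
  return KNOWN_SECTIONS.has(value) ? value : DEFAULT_SECTION;
}

// Write the restored position into the page. `banner` is any DOM element.
function restorePosition(banner, hash) {
  const section = sectionFromFragment(hash);
  // textContent does not parse markup, so the value can only ever be text.
  banner.textContent = "Welcome back to " + section;
  return section;
}

// Constructed inputs; a plain object stands in for a DOM element outside a browser.
const fakeBanner = { textContent: "" };
for (const hash of ["#quiz", "#%3Cb%3Ebold%3C%2Fb%3E", "#%E0%A4%A", ""]) {
  console.log(JSON.stringify(hash), "->", restorePosition(fakeBanner, hash));
}
```

In a browser, call `restorePosition(document.getElementById("banner"), location.hash)` on load and on the `hashchange` event.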
Links in the video:
How Cross-site Scripting works - https://www.acunetix.com/websitesecurity/cross-site-scripting/?utm_source=hacksplaining&utm_medium=post&utm_campaign=articlelink
Content security policy - https://web.dev/csp/
CSP (Content Security Policy) on the Mozilla Developer Network - https://developer.mozilla.org/en-US/docs/Web/Security/CSP
DOM Based Cross-site Scripting Vulnerability - https://www.netsparker.com/blog/web-security/dom-based-cross-site-scripting-vulnerability/?utm_source=hacksplaining&utm_medium=post&utm_campaign=articlelink
Content Security Policy Explained - https://www.netsparker.com/blog/web-security/content-security-policy/?utm_source=hacksplaining&utm_medium=post&utm_campaign=articlelink