1. What are XSS and CSRF?

XSS (cross-site scripting): cross-site scripting attacks. CSRF: cross-site request forgery.

2. Identify the characteristics of XSS and CSRF attacks?

XSS: Attackers target the browser, tamper with what it normally displays, and steal user information. XSS attacks can be classified into reflected, stored, and DOM-based.

3. How to defend against XSS and CSRF attacks?

Prevention against XSS:
   1. Input filtering: reliable input verification for all user submissions
   2.
   3. Use httpOnly cookies

Defense against CSRF (this is mainly done on the server side):
   1. Verify the Referer field of the request header on the server
   2. Add a token
   3. Add a verification code
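The server-side checks listed above (Referer verification, a token, and an httpOnly session cookie), as an added Python example that is not part of the original page. The origin `shop.example`, the cookie name `sid`, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie
from typing import Optional
from urllib.parse import urlsplit

TRUSTED_ORIGIN = ("https", "shop.example")  # assumed site origin (constructed)
SERVER_KEY = secrets.token_bytes(32)        # secret that never leaves the server


def session_cookie(session_id: str) -> str:
    """Build a Set-Cookie value with HttpOnly so page scripts cannot read it."""
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["httponly"] = True
    return cookie["sid"].OutputString()


def issue_token(session_id: str) -> str:
    """CSRF token bound to one session: HMAC(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def referer_ok(referer: Optional[str]) -> bool:
    """Accept only a Referer whose scheme and host equal the trusted origin."""
    if not referer:
        return False  # strict policy: no Referer on a state-changing request
    try:
        parts = urlsplit(referer)
    except ValueError:
        return False  # malformed URL
    # Compare the parsed host exactly; a prefix or substring match would
    # accept hosts such as shop.example.evil.test.
    return (parts.scheme, parts.hostname) == TRUSTED_ORIGIN


def allow_state_change(session_id: str, referer: Optional[str],
                       submitted_token: Optional[str]) -> bool:
    """Run both CSRF checks before a POST is allowed to change state."""
    if not referer_ok(referer):
        return False
    expected = issue_token(session_id).encode()
    supplied = (submitted_token or "").encode()
    return hmac.compare_digest(expected, supplied)  # constant-time comparison
```

The token is embedded in the site's own forms, so a page on another origin cannot read it and cannot supply a valid value with a forged request.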

Answer: