The types of XSS

XSS attacks

An XSS attack is one in which hackers tamper with web pages through “HTML injection”, inserting malicious scripts that take control of users’ browsers as they browse. For example, a hacker publishes an article containing malicious JS code; the code is executed in the browser of everyone who opens the article, which completes the XSS attack.

Reflected XSS

Reflected XSS simply reflects user-input data back to the browser. As a result, hackers often need to entice users into clicking a link for the attack to succeed.

Stored XSS

Stored XSS “stores” user-input data on the server side, which makes it very stable. The hacker saves the malicious script on the server, which is why this type of attack is called stored; in theory, it persists for a long time.

XSS defenses

HttpOnly

HttpOnly was first proposed by Microsoft and implemented in Internet Explorer 6, and has since become a standard. The browser prohibits the page’s JS from accessing any cookie that carries the HttpOnly attribute. Strictly speaking, HttpOnly does not defend against XSS itself; it addresses cookie hijacking after an XSS attack. HttpOnly is now supported by a broad range of browsers, but it only helps mitigate XSS attacks; other solutions are still needed to address the XSS vulnerabilities themselves.

Input inspection

In XSS defense, input checking generally means checking whether the data entered by the user contains special characters such as < and >. If such characters are found, they are filtered out or encoded. This kind of input check can be called an “XSS Filter”, and there are many open-source implementations of it on the Internet. An XSS Filter receives the variables and checks them for XSS when the user submits data. At that point, however, the user data has not yet been combined with the HTML code of the rendered page, so the XSS Filter’s understanding of the context is incomplete; it may even filter out the < character when the user enters 1<3. Therefore, a good XSS Filter is quite important.

Output check

In general, except for rich text, you can defend against XSS attacks by encoding or escaping variables when they are output to HTML pages. This is similar to the input check.
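
The difference between the input check and the output check described above, as an added example (not code from the original article): an input-time filter that strips < and > corrupts 1<3 and still lets a quote reach an attribute context, while encoding at output time for each context keeps the data intact. All function names and sample values are constructed for illustration.

```javascript
// Added illustration; all names and sample values are constructed.

// Input-time "XSS Filter": strips angle brackets before the value is stored.
// It cannot know which HTML context the value will be rendered into later.
function naiveInputFilter(value) {
  return String(value).replace(/[<>]/g, "");
}

// Output-time encoder for HTML element content and quoted attribute values.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Output-time encoder for a value placed inside a quoted string in inline JS.
// Everything outside a small safe set becomes a \uXXXX escape.
function encodeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 ,._]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Each render function encodes for the context it writes into.
function renderComment(text) {
  return "<p>" + encodeHtml(text) + "</p>";
}
function renderSearchBox(text) {
  return '<input name="q" value="' + encodeHtml(text) + '">';
}
function renderInlineScript(text) {
  return '<script>var q = "' + encodeJsString(text) + '";</script>';
}

const harmless = "1<3";                    // legitimate input with a special character
const quoteBreak = 'x" data-injected="1';  // no angle brackets, but closes an attribute

console.log(naiveInputFilter(harmless));    // data silently corrupted by the filter
console.log(naiveInputFilter(quoteBreak));  // passes through the filter unchanged
console.log(renderComment(harmless));       // encoded for element content
console.log(renderSearchBox(quoteBreak));   // quotes encoded, attribute stays closed
console.log(renderInlineScript("</script>")); // cannot terminate the script block
```
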
