The underlying code can be illustrated with a simple pseudo-code example:
$nickname = getNickName(); // user-supplied nickname
echo "Greeting $nickname, nice to meet you!"; // written into the page without escaping
Another type of XSS is Stored XSS, where the attacker can save malicious content on a webpage. That content is then executed in the browser of every user who visits the page, without any of them needing to click a link.
The graphic shows how Eve stores harmful JavaScript to be executed whenever someone accesses the resource.
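The two sinks described above (the unescaped nickname echo and the stored comment) side by side with their escaped counterparts, as an added example that is not part of the original article; the function and class names are hypothetical and the probe string is a constructed sample input.

```javascript
// Escape the five characters that let text break out of an HTML text node
// or a double-quoted attribute value. This is the fix for both cases below.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Reflected XSS: the nickname comes straight from the request and is
// interpolated into the page, like the echo in the pseudo-code above.
function renderGreetingVulnerable(nickname) {
  return `<p>Greeting ${nickname}, nice to meet you!</p>`;
}

function renderGreetingSafe(nickname) {
  return `<p>Greeting ${escapeHtml(nickname)}, nice to meet you!</p>`;
}

// Stored XSS: comments are persisted once and rendered for every visitor.
// Escaping belongs at render time, for the output context being written.
class CommentStore {
  constructor() { this.comments = []; }
  add(author, text) { this.comments.push({ author, text }); }
  renderVulnerable() {
    return this.comments.map(c => `<li><b>${c.author}</b>: ${c.text}</li>`).join("");
  }
  renderSafe() {
    return this.comments
      .map(c => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
      .join("");
  }
}

// Check whether rendered output still contains a live script tag.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: the classic harmless XSS probe.
const PROBE = "<script>alert(1)</script>";
```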
XSS attacks can achieve various malicious goals, such as:
To defend against XSS, consider these best practices: