by chill1
1783 days ago
> If a site is vulnerable to XSS it's basically game over security-wise.

Another reply seems to have focused on having XSS causing an attacker to gain access to session cookies. But no one has mentioned using Content-Security-Policy [0] - which if set properly can make it nearly impossible to exploit an XSS vulnerability in the first place.

[0] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
|
which far, far too many apps do.
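
To make the "if set properly" condition in chill1's Content-Security-Policy comment concrete, here is an added example (not part of the thread) that audits a CSP header value for settings that leave injected script executable. The function names and both sample policies are constructed for illustration.

```javascript
'use strict';

// Parse a CSP header value into directive -> source list.
// Values are lowercased for matching only.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored by browsers; the first one wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), values.map((v) => v.toLowerCase()));
    }
  }
  return policy;
}

// Return a list of findings; an empty list means none of these checks fired.
function auditCsp(header) {
  const policy = parseCsp(header);
  // script-src falls back to default-src when absent.
  const scripts = policy.get('script-src') || policy.get('default-src');
  if (!scripts) return ['no script-src or default-src: scripts are unrestricted'];

  const findings = [];
  const hasNonceOrHash = scripts.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  const strictDynamic = scripts.includes("'strict-dynamic'");
  // Browsers ignore 'unsafe-inline' once a nonce or hash is present.
  if (scripts.includes("'unsafe-inline'") && !hasNonceOrHash) {
    findings.push("'unsafe-inline' lets injected inline script run");
  }
  if (scripts.includes("'unsafe-eval'")) {
    findings.push("'unsafe-eval' permits string-to-code evaluation");
  }
  // With 'strict-dynamic', host and scheme sources are ignored.
  if (!strictDynamic && scripts.some((s) => ['*', 'http:', 'https:', 'data:'].includes(s))) {
    findings.push('wildcard or scheme source permits script from any origin');
  }
  // base-uri does not inherit from default-src, so it must be set explicitly.
  if (!policy.has('base-uri')) {
    findings.push('base-uri is unset (no fallback to default-src)');
  }
  return findings;
}

// Constructed sample policies: a permissive one and a nonce-based one.
const WEAK = "default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:";
const STRICT = "script-src 'nonce-r4nd0mConstructed' 'strict-dynamic'; object-src 'none'; base-uri 'none'";

console.log('weak:', auditCsp(WEAK));
console.log('strict:', auditCsp(STRICT));
```

The nonce in the second policy stands in for a value the server would generate fresh for every response.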