|
|
|
|
|
|
by aidos
4917 days ago
|
|
|
It wasn't so many years ago that xss wasn't on anyone's radar (just like sql injection years before that). Over the years I've worked on dozens of sites that were exploitable via XSS (many older ones that probably still are). It's easy to get wrong - especially when you look through the list of different subtle ways you could mis-escape something [0]. The only thing protecting the majority of sites is that exploiting them just isn't desirable. [0] https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_She... |
|
|