Lecture 21: Cross-Site Scripting (XSS)

Intro to XSS, Review

Stored XSS

If the user input is stored on the server and later displayed as HTML, how can an attacker inject JavaScript?

XSS Demo

Real-world XSS Attacks

Reflected XSS

(True/False) Reflected XSS requires the victim to visit a malicious link crafted by the attacker, but Stored XSS does not.

XSS Defenses

Consider an escaper that finds all instances of <script> and </script> in user input and removes them. Can an attacker still perform an XSS attack with <script> tags? If yes, write a malicious input that would bypass this escaping function. If no, explain why.
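Worked example for the two questions above (the stored-XSS question under "Stored XSS" and the script-tag escaper question here). This is an added illustration, not code from the lecture: a toy comment board in JavaScript with hypothetical names (makeBoard, stripScriptTags, escapeHtml, hasScriptElement, and the three payload constants), showing how stored input becomes markup, how the blacklist filter is bypassed, and what output escaping does instead.

```javascript
// Added example (not part of the lecture): a toy comment board that shows
// how stored XSS arises, why the "<script>"-stripping filter from the
// question is bypassable, and what output escaping does instead.
// All names here are hypothetical.

// The "database": one comment board per defense strategy.
function makeBoard(inputFilter) {
  const comments = [];
  return {
    // The server stores whatever the input filter lets through.
    post(text) { comments.push(inputFilter(text)); },
    // Vulnerable renderer: stored text is spliced into markup verbatim.
    renderUnsafe() {
      return "<ul>" + comments.map(c => "<li>" + c + "</li>").join("") + "</ul>";
    },
    // Safe renderer: stored text is escaped at the point it enters HTML.
    renderSafe() {
      return "<ul>" + comments.map(c => "<li>" + escapeHtml(c) + "</li>").join("") + "</ul>";
    },
  };
}

const identity = s => s;

// The blacklist "escaper" from the question: remove every <script> and
// </script>, in one pass, case-sensitively.
function stripScriptTags(input) {
  return input.replace(/<script>/g, "").replace(/<\/script>/g, "");
}

// The real defense: encode the five characters HTML gives meaning to, so the
// browser treats the whole string as text in an element-content context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, ch => map[ch]);
}

// Does the rendered HTML contain a script element the browser would run?
function hasScriptElement(html) {
  return /<script>/i.test(html);
}

// Bypass 1: nest the tag inside itself. Removing the inner copy reassembles
// the outer one, and the filter never rescans its own output.
const NESTED_PAYLOAD = "<scr<script>ipt>alert(1)</scr</script>ipt>";
// Bypass 2: HTML tag names are case-insensitive; the regex is not.
const CASE_PAYLOAD = "<SCRIPT>alert(1)</SCRIPT>";
// Bypass 3 (beyond the question): no script tag at all. Any element with an
// event-handler attribute runs JavaScript.
const HANDLER_PAYLOAD = '<img src=x onerror="alert(1)">';

function demo() {
  const unfiltered = makeBoard(identity);
  unfiltered.post("<script>alert(1)</script>");

  const blacklisted = makeBoard(stripScriptTags);
  blacklisted.post(NESTED_PAYLOAD);   // stored as <script>alert(1)</script>
  blacklisted.post(CASE_PAYLOAD);     // stored untouched
  blacklisted.post(HANDLER_PAYLOAD);  // stored untouched

  return {
    unfilteredRuns: hasScriptElement(unfiltered.renderUnsafe()),   // true
    blacklistRuns: hasScriptElement(blacklisted.renderUnsafe()),   // true
    storedAfterStrip: stripScriptTags(NESTED_PAYLOAD),             // "<script>alert(1)</script>"
    escapedRuns: hasScriptElement(blacklisted.renderSafe()),       // false
    // After removing the template's own tags, any "<" left came from a user.
    escapedHasRawLt: blacklisted.renderSafe().replace(/<\/?(ul|li)>/g, "").includes("<"), // false
  };
}

console.log(demo());
```

Two points the run makes concrete. The nested payload only works because the filter is applied once: a browser given the raw string "<scr<script>ipt>" parses it as a garbage tag, so it is the stripper that assembles the working <script> element. And escapeHtml is correct only for text placed inside an element's content; input that lands inside an attribute value, a URL, or a script block needs the encoder for that context.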