XSS Explained with React and Vanilla JS Examples | Cross Site Scripting | dangerouslySetInnerHTML

Coding Garden
In this video, I talk about the basics of Cross Site Scripting (XSS), how to exploit it and how to prevent it.

See all of the notes and code from this stream here: https://github.com/CodingGarden/learn...

This is a highlight of a livestream. Watch the full stream here: What is XSS? | Web Security Wednesday

XSS on Wikipedia: https://en.wikipedia.org/wiki/Cross-s...
XSS on OWASP: https://owasp.org/www-community/attac...
XSS on Snyk.io: https://learn.snyk.io/lesson/xss/
Play the XSS Game: https://xss-game.appspot.com/

00:00 Welcome
00:22 What is XSS?
01:04 First Look at XSS
01:38 Why this is BAD
02:53 Reflected XSS
03:13 Stored XSS
03:54 Real World XSS
05:05 Twitter XSS Explained
05:34 Blind XSS
06:12 Vulnerable Code with innerHTML
07:51 Safe Code with textContent
08:58 Sanitizing HTML with a custom function
11:50 Safe Code with DOMPurify
14:09 Never Trust User Provided Input
15:16 Preventing XSS Summary
16:24 Fixing Attribute Injection
18:04 This scares me
18:33 XSS in React
19:41 dangerouslySetInnerHTML in React
21:00 Trust no one
21:44 DOMPurify with React
23:04 XSS Brain Implant
23:52 XSS for Backend Devs
24:36 Scanners and Static Code Analysis
25:00 Conclusion / Summary

📩 Sign up for my mailing list: https://list.coding.garden/
💖 Donate: https://coding.garden/donate
😍 Pledge: https://coding.garden/pledge
🎉 Stickers: https://coding.garden/stickers
💻 Gear List: https://coding.garden/gear
🔎 Search for more Coding Garden videos here: https://coding.garden/videos
🗣 View the Coding Garden FAQ here: https://github.com/CodingGarden/faqs
Published 7 months ago, on 1402/10/21.
Viewed 2,701 times.