What is XSS and can it be dangerous for my WordPress website?

What is Cross-Site Scripting?

https://www.imperva.com/learn/application-security/cross-site-scripting-xss-attacks/
https://medium.com/iocscan/dom-based-cross-site-scripting-dom-xss-3396453364fd

Where do you need security features to avoid XSS?

Known cases

https://securityaffairs.co/wordpress/79943/hacking/fortnite-flaws-account-takeover.html

Are WordPress pages protected from XSS?

How to avoid XSS?

Don’t trust any user input

Sanitize Values

Set the HttpOnly flag

Update system and plugins

Web application firewall
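The first two points above, "don't trust any user input" and "sanitize values", are where most WordPress theme and plugin XSS bugs live: a value from the request is concatenated straight into markup. The following is an added example, not code from the original post or from WordPress, that shows the vulnerable pattern beside a fixed version. It escapes untrusted values for the HTML context they land in and, for the one place where escaping is not enough (a link's href), allows only http(s) URLs. The comment form fields, the `renderComment` functions and the `#` placeholder link are assumptions made for the demonstration; the sample attacker input is constructed.

```javascript
// Added example (not from the original post): escaping untrusted input before it
// reaches an HTML sink, plus a URL check for the case escaping cannot cover.
// Runs in Node or a browser; it builds HTML strings, so no DOM is required.

// The five characters that change meaning in HTML text and in double-quoted
// attribute values. This is escaping, not sanitizing: the output never
// contains live markup, which is exactly what comments, usernames and
// search terms need.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(str) {
  return String(str).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Escaping does not help inside href or src: "javascript:alert(1)" contains
// none of the five characters and still executes. Accept only same-origin
// relative paths or absolute http(s) URLs; anything else becomes an inert "#"
// (assumption: an inert placeholder link is acceptable for this site).
function safeUrl(str) {
  const s = String(str);
  if (s.startsWith("/") && !s.startsWith("//")) return s; // relative, same origin
  try {
    const u = new URL(s); // throws on relative or malformed input
    if (u.protocol === "http:" || u.protocol === "https:") return u.href;
  } catch (e) {
    // unparsable input falls through to the placeholder
  }
  return "#";
}

// Vulnerable: the shape of most template XSS bugs. Every value is interpolated raw.
function renderCommentVulnerable(author, site, text) {
  return `<li><a href="${site}">${author}</a>: ${text}</li>`;
}

// Fixed: each untrusted value is escaped for the context it lands in, and the
// URL is validated before it is escaped as an attribute value.
function renderComment(author, site, text) {
  return `<li><a href="${escapeHtml(safeUrl(site))}">${escapeHtml(author)}</a>: ${escapeHtml(text)}</li>`;
}

// Set-Cookie value for a session cookie. HttpOnly keeps it out of
// document.cookie, so an injected script cannot exfiltrate it; note this does
// not stop the script from acting in the victim's session via fetch().
function sessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample input: what an attacker would paste into a comment form.
const attackerComment = {
  author: '<img src="x" onerror="alert(1)">',
  site: "javascript:alert(document.cookie)",
  text: '" onmouseover="alert(2)',
};

function demo() {
  return {
    vulnerable: renderCommentVulnerable(attackerComment.author, attackerComment.site, attackerComment.text),
    fixed: renderComment(attackerComment.author, attackerComment.site, attackerComment.text),
  };
}

console.log(demo());
```

In the fixed output the `<img>` payload is rendered as visible text, the `javascript:` link is replaced by `#`, and the stray quote in the comment body cannot close the attribute it was never inside. The same rule applies on the PHP side of WordPress: escape at output for the context (text, attribute, URL), not once at input.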


Where should you start?

// Grab a container element on the page
var app = document.querySelector('#app');

// Unsafe: raw markup assigned to innerHTML is parsed, the <img> fails to load
// and its onerror handler runs alert(1)
app.innerHTML = '<img src="x" onerror="alert(1)">';

// Safe: the same string with every special character written as an HTML entity
// is rendered as literal text, so no element and no handler are created
app.innerHTML = '&#60;img src&#61;&#34;x&#34; onerror&#61;&#34;alert&#40;1&#41;&#34;&#62;';

// Automate that: replace everything except letters, digits, underscore, dot and
// space with its numeric entity (this is escaping, not a whitelist of allowed tags)
var sanitizeHTML = function (str) {
  return str.replace(/[^\w. ]/gi, function (c) {
    return '&#' + c.charCodeAt(0) + ';';
  });
};

app.innerHTML = sanitizeHTML('<img src="x" onerror="alert(1)">');

Conclusion

Business Management Information Systems Student at Flensburg University of Applied Sciences
