This course will be retired on June 1, 2025.
XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim's browser, which can access any cookies, session tokens, or other sensitive information retained by the browser, or redirect the user to malicious sites.
New Terms:
- XSS: Cross-Site Scripting, or XSS, occurs when a web application takes untrusted data and sends it to a web browser without proper validation or escaping.
- Stored XSS: XSS that can persist in an application and be run on a user's page after being loaded from a database, server-side endpoint, or local browser storage.
- Reflected XSS: XSS that can be injected by an attacker and is returned in an immediate HTTP response to the targeted user.
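The difference between the two terms, and what "proper escaping" looks like at output time, shown as an added example that is not part of the course material. The function names, the in-memory `commentStore` standing in for a database, and the sample inputs are all constructed for illustration.

```javascript
// Added example: hypothetical function names, constructed sample data.

// Escape the five characters that are significant in HTML text and
// in quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected case: a request parameter is echoed in the immediate response.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`; // vulnerable: untrusted data, no escaping
}
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Stored case: data saved earlier is rendered for every later visitor.
const commentStore = []; // stands in for a database table
function saveComment(author, body) {
  commentStore.push({ author, body }); // keep the raw value; escape when rendering
}
function renderCommentsSafe() {
  return commentStore
    .map((c) => `<li title="${escapeHtml(c.author)}">${escapeHtml(c.body)}</li>`)
    .join("\n");
}

// Constructed untrusted input, including an attribute-breaking author name.
const untrusted = "<script>alert(1)</script>";
saveComment('bob" onmouseover="x', untrusted);
saveComment("alice", "Tom & Jerry <3");

console.log(renderSearchUnsafe(untrusted)); // markup reaches the browser intact
console.log(renderSearchSafe(untrusted));   // markup is rendered as inert text
console.log(renderCommentsSafe());
```

This escaping covers HTML text and quoted attribute contexts only; data placed inside a script block, a URL, or CSS needs the encoding for that context.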