๐Ÿšซ
Security

XSS attacks: Cross-Site Scripting protection

10.02.2025
โ† All articles

XSS โ€” executing foreign JavaScript on your site. Cookie theft, session hijack.

Types

Reflected, Stored, DOM-based.

Protection: escaping

htmlspecialchars($input, ENT_QUOTES, 'UTF-8').

CSP

Content-Security-Policy header โ€” blocks external scripts.

HttpOnly cookies

JS can't read cookies.

Framework auto-escape

React, Vue, Angular.

Related articles

๐Ÿ” Password managers โ€” choosing between Bitwarden, 1Password, LastPass and KeePass ๐Ÿฏ Honeypot โ€” hidden form field that catches bots and stops spam ๐Ÿ“„ /.well-known/security.txt โ€” security contact standard ๐Ÿ“‹ GDPR Compliance โ€” obligations for protecting European citizens' data
๐ŸŒ Language
๐Ÿ‡บ๐Ÿ‡ฟ O'zbek ๐Ÿ‡บ๐Ÿ‡ฟ ะŽะทะฑะตะบ ๐Ÿ‡ท๐Ÿ‡บ ะ ัƒััะบะธะน ๐Ÿ‡ฌ๐Ÿ‡ง English โœ“