XSS

Cross-site scripting (XSS) attack.

### Principle

* The attacker first injects the attack script into a legitimate third-party website.
* After the victim clicks on the link, the website's cookie information is sent to the URL specified by the attacker.
* The attacker can then log in as the victim using the stolen cookies.

### Prevention

* HttpOnly cookie
  If the HttpOnly attribute is set on a cookie, the cookie cannot be read by JavaScript, which effectively prevents XSS attacks from stealing it.

* Check submitted values
  Filter tags out of submitted values.
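
Both prevention measures above in one sketch, as an added example that is not from the original page: a session cookie issued with HttpOnly, and submitted values HTML-escaped on output (escaping rather than stripping tags is this example's choice). The function names, the cookie name `sid`, `Path=/` and the sample input are assumptions.

```javascript
// Added example: names, cookie name and sample payload are constructed for illustration.

// Build a Set-Cookie header value for a session cookie with HttpOnly set,
// so document.cookie in the page cannot read it.
function buildSessionCookie(name, value) {
  // Reject characters that are not allowed in a cookie name or value
  // (control chars, whitespace, quotes, comma, semicolon, backslash),
  // so a value can never smuggle in extra attributes or header lines.
  if (!/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(name)) {
    throw new Error("invalid cookie name");
  }
  if (!/^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/.test(value)) {
    throw new Error("invalid cookie value");
  }
  return `${name}=${value}; Path=/; HttpOnly`;
}

// Encode the characters that let a submitted value break out of HTML text
// or a quoted attribute. All five are replaced in one pass, so "&" is
// never double-encoded.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a submitted comment into a page fragment; every submitted value
// is escaped at output time.
function renderComment(author, text) {
  return `<p class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(text)}</p>`;
}

// Constructed sample submission containing a script tag.
console.log(buildSessionCookie("sid", "abc123"));
console.log(renderComment("guest", "<script>alert(1)</script>"));
```

The escaped fragment is displayed by the browser as text, and the `sid` cookie does not appear in `document.cookie`.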