For almost 25 years, almost as long as PHP has existed, cross-site scripting (XSS) has been one of the most common risks for web applications. Yet today there are many ways to protect a web application from attacks, including browser features, HTTP headers, and special APIs. This talk discusses why XSS is dangerous and covers countermeasures including Content Security Policy, the Trusted Types API, and protection in SPA frameworks. After this talk, there's (almost) no excuse to get XSS.

