From a05dc826581d8a9b1f67b7245188497c8f218c0e Mon Sep 17 00:00:00 2001 From: Tait Hoyem Date: Sat, 25 Apr 2020 13:05:56 +0000 Subject: [PATCH] Add example to xss vulnerabilities --- _posts/2020-04-25-xss.md | 1 + 1 file changed, 1 insertion(+) diff --git a/_posts/2020-04-25-xss.md b/_posts/2020-04-25-xss.md index 65aa2ac..a787914 100644 --- a/_posts/2020-04-25-xss.md +++ b/_posts/2020-04-25-xss.md @@ -72,6 +72,7 @@ but they would show up to a user as `<`. When inputs are not properly sanitized *and* the input is shown to the user in another part of the website, then a malicous user can type in HTML that will run whenever anybody tries to look at what they typed. +For example: a name for a quiz website (input) and the leaderboard for said quiz (display). HTML, by itself is not very dangerous. The worst thing you could do is probably put a link on your name,
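Review bot: The added line ("For example: a name for a quiz website (input) and the leaderboard for said quiz (display).") is a sentence fragment, and it leaves out the condition the preceding sentence depends on: that the name reaches the leaderboard without being sanitized. Suggest a full sentence along the lines of "For example, a quiz website might take a player's name as input and display it, unsanitized, on the leaderboard that every other player views." In the unchanged context line just above the addition, "malicous" should be "malicious"; that could be fixed in this commit as well.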