nqthqn
15 properties of living structures
About
An Ode to Paper
Authorization
Basics with Blender
Beguiling Bigrams
Builder Pattern
Content Security Policy
Convergent & Divergent Thinking
Cross-Site Request Forgery Prevention
Custom Elements or Web Components
Design Philosophy
Early Exposure
Flummoxing Feedback
Fonts with Obsidian Publish
HMAC
I use Helix
journey to image hooks
Kleene star notation
Knowledge Garden Planning
learn together
Marvel at the multiplex
Morphosyntax
other people say
Phantom Type
Pruning your Knowledge Garden
Résumé
Rotoscoping
SaaS Products
SHA-1
Simpler Obsidian
Trailhead
unknown unknowns
Web Security
Wordy
XSS
nqthqn

XSS

This should actually be renamed from “Cross Site Scripting” to “JavaScript Injection” and has to do with

When the Browser and the Server are in the same-origin — requests to an origin with a different schema, port or domain are blocked by default. To allow Client to get evil assets, Server would need to set a CORS headers — to allow t

evil.comServerClientevil.comServerClientRequestResponseRequest BlockedClient and Server are on http://example.com origin
Links to this page
Content Security Policy
XSS
Interactive graph
Powered by Obsidian Publish