[talk] Cross Site Scripting in Browsers
Pete Wright
pete at nomadlogic.org
Thu Dec 7 12:28:57 EST 2017
On 12/07/2017 08:48, Sujit K M wrote:
> Hi All,
>
> I had a simple question, How is something like Cross Site Scripting
> for example implemented in Browsers. A stupid idea(as even in open
> source browsers) would be to change code and disable the code for
> Cross Site Scripting and Hack. I call it stupid simply because the code is
> going to be shared object.
>
> As a two part to this how are security in browsers implemented is there any
> documentation for this?
not %100 sure i understand your question - are you asking how CORS
(Cross Origin Resource Sharing) is implemented? Cross Site Scripting
(xss) is something browsers actively mitigate against so I'm a little
confused I guess.
fwiw here's the moz docs on CORS which I think covers how it helps
prevent XSS attacks while still allowing the browser to run code from
multiple origins in a sorta-semi-but-probably-not-really-in-practice manner:
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
-pete
--
Pete Wright
pete at nomadlogic.org
@nomadlogicLA
More information about the talk
mailing list