[talk] Cross Site Scripting in Browsers

Pete Wright pete at nomadlogic.org
Thu Dec 7 12:28:57 EST 2017



On 12/07/2017 08:48, Sujit K M wrote:
> Hi All,
>
> I had a simple question, How is something like Cross Site Scripting
> for example implemented in Browsers. A stupid idea(as even in open
> source browsers) would be to change code and disable the code for
> Cross Site Scripting and Hack. I call it stupid simply because the code is
> going to be shared object.
>
> As a two part to this how are security in browsers implemented is there any
> documentation for this?
not %100 sure i understand your question - are you asking how CORS 
(Cross Origin Resource Sharing) is implemented?  Cross Site Scripting 
(xss) is something browsers actively mitigate against so I'm a little 
confused I guess.

fwiw here's the moz docs on CORS which I think covers how it helps 
prevent XSS attacks while still allowing the browser to run code from 
multiple origins in a sorta-semi-but-probably-not-really-in-practice manner:

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

-pete

-- 
Pete Wright
pete at nomadlogic.org
@nomadlogicLA




More information about the talk mailing list