Source: https://copperchips.com/how-to-fix-cross-site-scripting-persistent-in-java/
How To Fix Cross Site Scripting Persistent In Java | Copperchips
Before we jump to cross-site scripting (XSS), it is vital to understand a core browser security feature called the Same Origin Policy (SOP), so that we are on the same page. SOP is a policy that stops one website from reading or writing another website's data. The policy checks three parts of the origin: protocol, host, and port. If all three are the same for two URLs, they share an origin and the browser allows reads and writes between them. This is a great feature that ensures some basic web security.
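The origin comparison described above, as an added example that is not part of the original article: it splits each URL into protocol, host and port and reports which parts differ. The function names and the example.com URLs are constructed for illustration.

```javascript
// Added example: origin comparison as the Same Origin Policy describes it.
// All URLs below are constructed sample values.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Break a URL into the three parts SOP compares.
function originTuple(url) {
  const u = new URL(url);
  return {
    protocol: u.protocol,
    host: u.hostname, // the URL parser already lowercases the host
    // URL.port is '' when the port is the scheme default, so fill it in.
    port: u.port || DEFAULT_PORTS[u.protocol] || '',
  };
}

// Return the origin parts that differ; an empty list means same origin.
function originDiff(a, b) {
  const ta = originTuple(a);
  const tb = originTuple(b);
  return ['protocol', 'host', 'port'].filter((k) => ta[k] !== tb[k]);
}

function isSameOrigin(a, b) {
  return originDiff(a, b).length === 0;
}

const page = 'https://shop.example.com/cart';
const samples = [
  'https://shop.example.com/account?id=7', // path and query are not part of the origin
  'https://shop.example.com:443/api',      // explicit default port, still same origin
  'http://shop.example.com/cart',          // different protocol (and so default port)
  'https://api.example.com/cart',          // a subdomain is a different host
  'https://shop.example.com:8443/cart',    // different port
];
for (const target of samples) {
  const diff = originDiff(page, target);
  console.log(target, diff.length ? `cross-origin (${diff.join(', ')})` : 'same origin');
}
```

Path and query string never enter the comparison, while a subdomain or a non-default port is enough to make two URLs cross-origin.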
But what if we had control over the JavaScript of another website? JavaScript has access to the HTML document that the browser provides, which means it can manipulate the DOM and deface the webpage. Hence, having access to JavaScript on another website in a different user's context can be very problematic. The question now is: can we inject some JavaScript into another website? Yes, we can, and that's exactly what Cross-Site Scripting (XSS) does.
What is Cross-Site Scripting?
Cross-Site Scripting is a JavaScript injection technique. With it, attackers aim to carry out any action that the user can perform and to access the user's data. If the victim has premium access, the attackers might be able to control the application's functionality and data.
There are two types of Cross-Site Scripting attacks:
Nonpersistent or Reflected XSS.
Persistent or Stored XSS.