Guarding against cross-site scripting
XSS attacks are client-side injection attacks where malicious scripts are injected into websites. XSS vulnerabilities are very dangerous as they can compromise trusted websites.
In this recipe, we’re going to demonstrate an XSS vulnerability and learn how we can protect against it. We’ll be using the he (https://www.npmjs.com/package/he) npm module to do so.
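As an added example (not the recipe’s server.js and not the he module’s own code), this shows the output-encoding step the recipe relies on: the same HTML template rendered with and without escaping the untrusted value. escapeHtml is a dependency-free stand-in for he.escape(), and renderUnsafe/renderSafe/containsScriptTag are hypothetical helpers assumed for the demonstration.

```javascript
// Added example: contrast an XSS-prone render with an escaped render.
// escapeHtml() mirrors what he.escape() from the `he` npm module does, so
// this file runs without installing the dependency (assumption, not the
// module's source).

// Characters that must not reach the HTML parser unescaped when they come
// from user input. The table matches he.escape()'s replacements.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '`': '&#x60;',
};

// Escape a value for safe insertion into an HTML text node or a quoted
// attribute value (the job he.escape() does in the recipe).
function escapeHtml(input) {
  return String(input).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering: the untrusted value is concatenated straight into the
// markup, so any tags it contains are parsed as HTML by the browser.
function renderUnsafe(name) {
  return `<!DOCTYPE html><html><body><h1>Hello, ${name}!</h1></body></html>`;
}

// Hardened rendering: same template, but the value is escaped first, so the
// browser displays the characters instead of interpreting them as markup.
function renderSafe(name) {
  return `<!DOCTYPE html><html><body><h1>Hello, ${escapeHtml(name)}!</h1></body></html>`;
}

// True if the rendered page still contains a raw <script> start tag, i.e.
// something a browser would execute rather than display.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input standing in for a reflected query parameter.
const SAMPLE_INPUT = '<script>alert("xss")</script>';

console.log(renderUnsafe(SAMPLE_INPUT)); // the <script> tag survives intact
console.log(renderSafe(SAMPLE_INPUT));   // the tag is rendered as text
```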
Getting ready
In this recipe, we’ll create an Express.js server that’s vulnerable to an XSS attack. To set up that vulnerable server, follow these steps:
- First, let’s create a directory named express-xss to work in:
$ mkdir express-xss
$ cd express-xss
$ npm init --yes
- Now, we need to install express:
$ npm install express
- Create a file where you’ll store the Express.js server:
$ touch server.js
- Add the following to server.js. This will create a server that renders a simple HTML web page that’s susceptible to an...