XSS is way simpler (and scarier) than I thought
So today I came across Cross-Site Scripting, or XSS, which honestly sounds like a Counter-Strike mode but is actually one of the oldest and most annoying vulnerabilities on the web. Once I understood it, I felt a little unsafe about every comment section I’ve ever used lol.

What is it actually

XSS is when a website lets someone sneak their own JavaScript into a page, and your browser just… runs it. No questions asked, zero trust issues, straight up “sure i’ll run that.” The browser assumes any JavaScript that’s part of the page came from the website itself, so if the site accidentally treats user input as code instead of text, it’ll execute it. It’s not movie hacker stuff, it’s just a website not checking what a user typed before showing it to everyone else. ...
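
Here is an added example (not part of the original post) of a comment renderer that treats user input as code, next to one that treats it as text. The function names and the sample comments are made up for illustration.

```javascript
// Added example: hypothetical function names, constructed comment data.

// Replace the five characters HTML treats as markup with entities,
// so the browser displays them instead of parsing them.
function escapeHtml(text) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Vulnerable: user input is pasted into the page as-is, so any tags in it
// become part of the page's own HTML.
function renderCommentUnsafe(comment) {
  return `<li class="comment"><b>${comment.author}</b>: ${comment.body}</li>`;
}

// Hardened: every user-controlled field is escaped before it reaches HTML.
function renderCommentSafe(comment) {
  return `<li class="comment"><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.body)}</li>`;
}

// Count the element start tags a browser would parse in a piece of HTML.
// The template alone contributes exactly two (<li> and <b>).
function countStartTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample input: one ordinary comment, one that contains markup.
const comments = [
  { author: "sam", body: "nice post, 2 < 3 & all that" },
  { author: "mallory", body: '<script>alert("hi")</script>' },
];

// For each comment, compare how many tags end up in the page either way.
function report() {
  return comments.map((c) => ({
    author: c.author,
    unsafeTags: countStartTags(renderCommentUnsafe(c)),
    safeTags: countStartTags(renderCommentSafe(c)),
  }));
}

console.log(report());
```

With the unsafe renderer the second comment adds a third tag to the page, so the browser sees it as the site's own code. With the safe one the tag count stays at two and the comment shows up as plain text.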