<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
  <channel>
    <title>Web Development on Tech Cafe</title>
    <link>https://golden-fox07.github.io/BLOG/tags/web-development/</link>
    <description>Recent content in Web Development on Tech Cafe</description>
    <generator>Hugo -- 0.147.0</generator>
    <language>en-us</language>
    <lastBuildDate>Sun, 28 Jun 2026 00:00:00 +0000</lastBuildDate>
    <atom:link href="https://golden-fox07.github.io/BLOG/tags/web-development/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>XSS is way simpler (and scarier) than I thought</title>
      <link>https://golden-fox07.github.io/BLOG/til/til_xss/til_xss/</link>
      <pubDate>Sun, 28 Jun 2026 00:00:00 +0000</pubDate>
      <guid>https://golden-fox07.github.io/BLOG/til/til_xss/til_xss/</guid>
      <description>&lt;p&gt;So today I came across Cross Site Scripting or XSS which honestly sounds like a Counter Strike mode but is actually one of the oldest and most annoying vulnerabilities on the web. Once I understood it, I felt a little unsafe about every comment section I&amp;rsquo;ve ever used lol.&lt;/p&gt;
&lt;h2 id=&#34;what-is-it-actually&#34;&gt;What is it actually&lt;/h2&gt;
&lt;p&gt;XSS is when a website lets someone sneak their own javascript into a page, and your browser just&amp;hellip; runs it. no questions asked, zero trust issues, straight up &amp;ldquo;sure i&amp;rsquo;ll run that.&amp;rdquo; The browser assumes any JavaScript that&amp;rsquo;s part of the page came from the website itself, so if the site accidentally treats user input as code instead of text, it&amp;rsquo;ll execute it. It&amp;rsquo;s not movie hacker stuff, it&amp;rsquo;s just a website not checking what a user typed before showing it to everyone else.&lt;/p&gt;</description>
    </item>
  </channel>
</rss>
