Welcome to my Today I Learned (TIL) section! Here I jot down quick notes about what I learned each day, from coding tricks to tech experiments. Scroll down to see all my TIL posts!
XSS is way simpler (and scarier) than I thought
So today I came across Cross Site Scripting, or XSS, which honestly sounds like a Counter-Strike mode but is actually one of the oldest and most annoying vulnerabilities on the web. Once I understood it, I felt a little unsafe about every comment section I’ve ever used lol.

What is it actually?

XSS is when a website lets someone sneak their own JavaScript into a page, and your browser just… runs it. No questions asked, zero trust issues, straight up “sure i’ll run that.” The browser assumes any JavaScript that’s part of the page came from the website itself, so if the site accidentally treats user input as code instead of text, it’ll execute it. It’s not movie hacker stuff, it’s just a website not checking what a user typed before showing it to everyone else. ...
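Here is the "input as code instead of text" difference from the paragraph above, as an added example that is not from the original post. The comment list, the function names and the sample data are all made up for illustration.

```javascript
// Added example: a comment renderer that treats input as code vs. as text.
// All names and sample data are constructed for illustration.

// Constructed sample: one ordinary comment and one that contains markup.
const comments = [
  { author: "sam", text: "Nice post!" },
  { author: "alex", text: '<script>alert("hi")</script>' },
];

// Vulnerable: user input is concatenated straight into the HTML string,
// so a browser would parse any tags inside it as part of the page.
function renderCommentUnsafe(c) {
  return "<li><b>" + c.author + "</b>: " + c.text + "</li>";
}

// The five characters that have meaning in HTML text and quoted attributes.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Turn those characters into entities so the browser displays them
// instead of interpreting them.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened: every user-controlled field is escaped before it goes into markup.
function renderCommentSafe(c) {
  return "<li><b>" + escapeHtml(c.author) + "</b>: " + escapeHtml(c.text) + "</li>";
}

// Build the whole comment list with whichever renderer is passed in.
function renderPage(render) {
  return "<ul>" + comments.map(render).join("") + "</ul>";
}

console.log("unsafe:", renderPage(renderCommentUnsafe));
console.log("safe:  ", renderPage(renderCommentSafe));
```

This escaping only covers HTML text and quoted attribute values; input placed inside a script block, a URL or a style needs its own encoding. In the browser, assigning the comment to an element's `textContent` gives the same "treat it as text" result without building HTML strings at all.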