0
votes

I am a newbie in web development and I would like to ask a question.

I know cross-site scripting (XSS) attacks are dangerous when we output and display users' info in our pages, when we set cookies, etc.

But when we have a simple site that accepts only a contact form with inputs for first name, last name and message, and we don't output this info anywhere on the site or we don't use cookies, are cross-site scripting attacks dangerous for my site?

I mean, should I do something to prevent XSS attacks for my img src, meta tags or other HTML tags? Thank you in advance.

Thank you!

1
Any time you output any untrusted data to the client, you need to encode it (based on the context) to protect against XSS. HTML sites with JavaScript and no backend can still be vulnerable to XSS if they take user input. - Gray
@Gray Thanks a lot, your answer is very useful... Can you provide me an example of how to protect a user input from XSS? I have a simple site with no backend, but as I explained in my question, I use a contact form with user inputs. - Vasileios Tsakalis
Ok, thank you again!!! - Vasileios Tsakalis
No problem. OWASP is another great resource: owasp.org/index.php/… - Gray

1 Answer

0
votes

If your page

  1. uses any HTTP parameter for output rendering, it's vulnerable to reflected XSS.

  2. uses any JavaScript DOM manipulation, it's vulnerable to DOM-based XSS.

The link below may help you.

https://www.owasp.org/index.php/Types_of_Cross-Site_Scripting
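The context-based encoding mentioned in the comments, applied to the case in this answer where a page renders an HTTP parameter, as an added example that is not part of the original thread. The parameter names `first` and `site`, the function names and the sample query string are all assumptions constructed for illustration.

```javascript
// Added example (hypothetical names, constructed input): a static "thank you"
// page that echoes contact-form values taken from the URL query string.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode for HTML element content and for quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// URL context (href/src): HTML encoding alone does not stop javascript: or
// data: URLs, so allow only http(s) and fall back to "#" for anything else.
function safeUrl(value) {
  try {
    const u = new URL(value);
    return u.protocol === 'http:' || u.protocol === 'https:' ? u.href : '#';
  } catch {
    return '#'; // not an absolute URL
  }
}

// Before: the parameter is concatenated into markup unencoded, so any tags
// in it become part of the page.
function renderThanksUnsafe(query) {
  const params = new URLSearchParams(query);
  return `<p>Thanks, ${params.get('first')}!</p>`;
}

// After: each value is encoded for the context it lands in.
function renderThanks(query) {
  const params = new URLSearchParams(query);
  const first = escapeHtml(params.get('first') ?? '');
  const site = escapeHtml(safeUrl(params.get('site') ?? ''));
  return `<p>Thanks, ${first}!</p><a href="${site}">your site</a>`;
}

// Constructed sample query string carrying markup and a javascript: URL.
const SAMPLE_QUERY =
  'first=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E&site=javascript%3Aalert(1)';

console.log(renderThanksUnsafe(SAMPLE_QUERY)); // markup passes through
console.log(renderThanks(SAMPLE_QUERY));       // markup is inert text
```

In a browser, assigning the value with `element.textContent` instead of building a string for `innerHTML` gives the same protection for element content without manual encoding.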