2
votes

I have hosted a static HTML page using GitHub Pages with a Contact Us form.
I found a solution so I can send the form to my email with https://formspree.io/ but I am not sure if this prevents an attacker from doing an XSS attack.
Maybe adding the HTML <input> pattern attribute to my page would prevent the attack?
Is there any way to prevent an XSS attack without any server-side script?

I don't know how GitHub Pages handles XSS attacks and what the vulnerabilities of static HTML forms are.

1 Answer

0
votes

I don't know how GitHub Pages handles XSS attacks and what the vulnerabilities of static HTML forms are

GitHub Pages does not offer any kind of backend scripting, which limits the security risk.

Formspree will help as it proposes a contact form which is secure (although XSS vulnerabilities still exist, and are fixed).
You can see an example in 'Sending Contact Form Emails From Your GitHub Pages Site Using AJAX & Formspree'.