XSS, or Cross-Site Scripting, is a type of attack that injects JavaScript code into the client side of a website so that it runs in the user's browser without them knowing. It can cause serious damage, such as stealing passwords to bank accounts, credit card numbers, etc.
Since I am the only one running this site, I have to check for security issues as well, and the first one I wanted to check for was XSS. As always, I first searched for explanations of XSS on YouTube and found some amazing videos, and then I searched for XSS on some other websites like Wikipedia and MDN.
After learning about XSS, I thought about what could go wrong with my site in terms of XSS, and here are my conclusions.
- As explained in the article on security in the official Gatsby.js documentation, the only way someone can inject code into my site is through some input that stores the data in a backend database and then renders it on the site, but for now I don't have any input or form on the site where someone could enter malicious code.
- I also don't have any backend database, as I am hosting this static site on GitHub.
- As a security measure, I will use either sanitize-html or DOMPurify to sanitize HTML on the site.
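To make the sanitizing step concrete, here is an added example (not code from this post, and not the code of DOMPurify or sanitize-html) of what an allow-list HTML sanitizer does before a string is handed to `innerHTML` or React's `dangerouslySetInnerHTML`: it removes comments and `script`/`style` blocks, drops every tag that is not on the allow-list while keeping its text, drops every attribute that is not on the per-tag allow-list (so `onclick`, `onerror` and friends never survive), and only keeps `href` values whose scheme is on a short allow-list (so `javascript:` and `data:` URLs never survive). The tag, attribute and URL-scheme lists are illustrative choices, the sample inputs are constructed, and the regex-based walker is a teaching toy: the real libraries use a proper HTML parser and should be used on a live site.

```javascript
// Added example (not from the post, DOMPurify or sanitize-html): a minimal
// allow-list HTML sanitizer that illustrates what those libraries do for you.
// ALLOWED_TAGS, ALLOWED_ATTRS and SAFE_URL are illustrative choices.

const ALLOWED_TAGS = new Set(["p", "b", "i", "em", "strong", "a", "ul", "ol", "li", "br", "code", "pre"]);
// Attributes kept per tag; anything else (onclick, onerror, style, ...) is dropped.
const ALLOWED_ATTRS = { a: new Set(["href", "title"]) };
// URL allow-list: only these prefixes survive in href, so javascript: and data: never do.
const SAFE_URL = /^(?:https?:|mailto:|\/|#)/i;

const TAG_RE = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
const ATTR_RE = /([a-zA-Z][a-zA-Z0-9-]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Escape the characters that could open a tag or close an attribute quote.
// Existing entities such as &amp; are passed through unchanged.
function escapeText(text) {
  return text.replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

// Rebuild the attribute string of one tag, keeping only allow-listed attributes
// and only href values whose scheme is on the allow-list.
function sanitizeAttrs(tag, rawAttrs) {
  const allowed = ALLOWED_ATTRS[tag];
  if (!allowed) return "";
  let result = "";
  ATTR_RE.lastIndex = 0;
  let a;
  while ((a = ATTR_RE.exec(rawAttrs)) !== null) {
    const name = a[1].toLowerCase();
    const value = a[2] ?? a[3] ?? a[4] ?? "";
    if (!allowed.has(name)) continue;
    if (name === "href" && !SAFE_URL.test(value.trim())) continue;
    result += ` ${name}="${escapeText(value)}"`;
  }
  return result;
}

// Sanitize untrusted HTML: remove comments and script/style blocks wholesale,
// drop every tag not on the allow-list (its inner text is kept), and rewrite
// the surviving tags with filtered attributes. Text between tags is escaped.
function sanitizeHtml(input) {
  let html = input.replace(/<!--[\s\S]*?-->/g, "");
  html = html.replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, "");
  let out = "";
  let last = 0;
  TAG_RE.lastIndex = 0;
  let m;
  while ((m = TAG_RE.exec(html)) !== null) {
    out += escapeText(html.slice(last, m.index));
    last = TAG_RE.lastIndex;
    const name = m[1].toLowerCase();
    if (!ALLOWED_TAGS.has(name)) continue;
    if (m[0].startsWith("</")) {
      out += `</${name}>`;
    } else {
      out += `<${name}${sanitizeAttrs(name, m[2])}>`;
    }
  }
  out += escapeText(html.slice(last));
  return out;
}

// Constructed sample inputs of the kind a comment form or CMS field might receive.
const SAMPLES = [
  '<p onclick="alert(1)">Hi <b>there</b></p>',
  '<script>alert(1)</script><img src=x onerror=alert(1)>text',
  '<a href="javascript:alert(1)">x</a><a href="https://example.com" onclick="y">ok</a>',
];
for (const s of SAMPLES) console.log(sanitizeHtml(s));
```

The important design point is that everything is an allow-list: the sanitizer never tries to recognise "bad" tags, attributes or URL schemes, because that list is open-ended, while the list of things a blog actually needs to render is small and fixed. If the site only ever needs plain text from an input, `escapeText` (or assigning to `textContent` instead of `innerHTML`) is the even simpler option.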
What I Learned Today
💻 Programming
- XSS - Cross-Site Scripting - Following are some resources that I researched for this blog post and also for the website.
  - Cross-site scripting - Link
  - XSS on Google Search - Sanitizing HTML in The Client? - Link
  - How did Masato find the Google Search XSS? - Link
  - Cross-Site Scripting Explained with Examples and How to Prevent XSS with Content Security Policy - Link
  - 7 Security Risks and Hacking Stories for Web Developers - Link
  - Content Security Policy (CSP) - Link
  - Security in Gatsby - Link
🗾 Language [日本語]
- 弱点 (じゃくてん) Weak Point. 弱: Weak, 点: Point.
- 電池 (でんち) Battery. 電: Electricity, 池: Pond.
- 対立 (たいりつ) Confrontation. 対: Versus, 立: Stand.
- 究明 (きゅうめい) Investigation. 究: Research, 明: Bright.