Reflected XSS

This project demonstrates the danger of Reflected XSS attacks. There are 4 inputs:

  1. Uses insecure innerHTML - unsafe
  2. Uses secure textContent - supersafe
  3. Sanitizes with a template tag and excludes unsafe attributes (like DOMPurify), but does nothing more, so it is exposed to the Reflected XSS attack that Google Search had in 2018-2019 and that was fixed here - semisafe
  4. Fixes the problem in item 3 by using XMLSerializer - safe
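
The four inputs side by side, as an added sketch that is not this project's own code. The function names, the `q` parameter and the attribute rules are assumptions, and the last three functions need a browser DOM.

```javascript
// Added example, not the project's code. Names, the "q" parameter and the
// attribute rules are assumptions; the rules are not a full sanitizer.

// The reflected value: whatever arrives in the URL (browser or Node).
function reflectedValue(href, param = 'q') {
  return new URL(href).searchParams.get(param) ?? '';
}

// Input 1 (unsafe): the value is parsed as markup by the sink.
function renderUnsafe(el, value) { el.innerHTML = value; }

// Input 2 (supersafe): the value only ever becomes a text node.
function renderText(el, value) { el.textContent = value; }

// Parse inside an inert <template>, then drop script-like elements,
// event-handler attributes and URLs that are not http(s).
function cleanFragment(doc, value) {
  const tpl = doc.createElement('template');
  tpl.innerHTML = value;
  for (const node of tpl.content.querySelectorAll('*')) {
    if (/^(script|iframe|object|embed|base)$/.test(node.localName)) {
      node.remove();
      continue;
    }
    for (const attr of [...node.attributes]) {
      let drop = /^on/i.test(attr.name);
      if (/^(href|src|action|formaction|xlink:href)$/i.test(attr.name)) {
        try { drop = !/^https?:$/.test(new URL(attr.value, doc.baseURI).protocol); }
        catch { drop = true; } // unparsable URL: remove it
      }
      if (drop) node.removeAttributeNode(attr);
    }
  }
  return tpl;
}

// Input 3 (semisafe): HTML serialization of the cleaned tree. The sink
// parses that string again, now with scripting enabled, so the second
// parse can build a different tree from the one that was cleaned.
function renderSanitized(el, value) {
  el.innerHTML = cleanFragment(el.ownerDocument, value).innerHTML;
}

// Input 4 (safe): XML serialization of the same tree. XMLSerializer also
// escapes "<" and ">" inside attribute values.
function renderSerialized(el, value) {
  const xs = new XMLSerializer();
  const nodes = cleanFragment(el.ownerDocument, value).content.childNodes;
  el.innerHTML = Array.from(nodes, (n) => xs.serializeToString(n)).join('');
}
```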

⏬ Installation

  1. Clone or download the repo
  2. Browse to the downloaded directory
  3. Install dependencies through npm
     npm i

⏩ Commands

Development frontend build & backend refresh:

  npm run fullstack:dev

Production frontend build & backend refresh:

  npm run fullstack:build