Cross-Site Scripting
7 lessons in this module
1
What is Cross-Site Scripting?
XSS basics, why it persists, injection vs. markup, and real-world incidents (TweetDeck, DeepSeek).
2
Stored, Reflected, and DOM-Based XSS
The three XSS types with examples, payload catalog, and postMessage vectors.
3
XSS in React, Vue, Angular, and Vanilla JS
Framework escape hatches, dangerouslySetInnerHTML, v-html, innerHTML, and supply chain XSS.
4
XSS Meets OAuth: From Script Injection to Account Takeover
OAuth flow, token theft, HttpOnly limits, and defending against XSS-to-account-takeover.
5
When AI Writes Your XSS: Prompt Injection, Slopsquatting, and LLM-Rendered Payloads
LLM output as XSS vector, prompt injection, AI-generated vulnerable code, and slopsquatting.
6
CSP, Trusted Types, and the Sanitizer API
Content Security Policy, SRI, Trusted Types, Sanitizer API, and DOMPurify.
7
Auditing Your App for XSS: A Practical Checklist
Systematic XSS audit, attack surface inventory, sinks, defenses, and automation.