Cross-Site Scripting (XSS) front-end security details for Ruby on Rails developers
Cross-Site Scripting is a security hole that allows attackers to inject and execute JavaScript on your website.

The cause of the problem: data changes context

XSS is a very specific problem, but it is caused by a general issue that affects all computer systems and programming languages:

Applications process data using different programming languages and formats (for example Ruby, JavaScript, SQL; plain text, HTML, JSON, CSV).

Data moves from one context into another context because languages and formats are nested or chained.

Data that has a specific meaning in one context gets a different meaning when put into another context. In one context, data is just plain text. In another context, it may be interpreted as code.

Untrusted content

Web applications deal with untrusted content all the time. This is data that isn't created by the service provider, developers or trusted parties. It may contain errors, it may be incomplete, it may not comply with syntactical rules....
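The context change described above, as an added example that is not part of the original article: one constructed untrusted comment string is placed into three contexts (plain text, HTML body, JavaScript string literal) in plain Ruby. ERB::Util.html_escape is the escaper Rails uses for <%= %>; the \u replacements in the JS case mirror the approach of Rails' json_escape helper, which is assumed here rather than loaded.

```ruby
require "erb"   # ERB::Util.html_escape
require "json"  # JSON.generate

# Constructed sample of untrusted content, e.g. a user-submitted comment.
UNTRUSTED = %q{Nice post! <script>alert(document.cookie)</script> "quoted" & more}

# Context 1: plain text (Ruby String). The data is just characters.
def as_plain_text(input)
  input
end

# Context 2: HTML body, inserted raw. The same characters now become
# markup, and the <script> element would run in the visitor's browser.
def as_html_raw(input)
  "<p class=\"comment\">#{input}</p>"
end

# Context 2, escaped: & < > " ' become entities, so the browser renders
# the text instead of interpreting it as markup.
def as_html_escaped(input)
  "<p class=\"comment\">#{ERB::Util.html_escape(input)}</p>"
end

# Context 3: JavaScript string literal inside an inline <script> block.
# HTML entity escaping is the wrong tool here (entities are not decoded
# inside a script). A JSON literal handles quotes and backslashes, and
# replacing < > & with \u escapes keeps a literal "</script>" from
# closing the surrounding script element in the HTML parser.
def as_js_literal(input)
  literal = JSON.generate(input).gsub("<", '\u003c').gsub(">", '\u003e').gsub("&", '\u0026')
  "var comment = #{literal};"
end

# Defensive check: does rendered markup still contain an executable
# script element, or a raw "</script>" that would end an inline script?
def contains_script_element?(markup)
  markup.match?(%r{</?script\b}i)
end
```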