Home/ Questions/Q 6231911
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T10:01:15+00:00

I’m working on an eCommerce application that’s using quite a bit of JavaScript and

  • 0

I’m working on an eCommerce application that’s using quite a bit of JavaScript and jQuery. Everything is checked server-side before anything is processed, but there has been a lot of news lately regarding web-based break-ins via JavaScript. I was just wondering what type of things I can do to reduce this threat and if there were any good websites that had information on this.

Thanks in advance!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Here is a good link to read about XSS:
    https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

    Basically, what a “hacker” is trying to do when they use XSS is get the user to think your site is asking them for something secure, when really the “hacker” is asking (by injecting script into your site) and is sending that data to somewhere unsecure. Comes in many flavors.

    The usual prevention measures are to sanitize you data (so a “hacker” can’t inject scripts via data entry). Basically, anything that is dynamically created or comes from users (even your own content people) should be encoded so that script, etc cannot be executed.

    Many people seem confused about the goals of XSS. If you think that your server and the data on it are the only thing to protect, you are wrong. XSS is often directed at the user, rather than the server, the “hacker” is trying to steal from the user, not the server (or it’s owners). Stealing from the user may in turn result in stealing from the server (got the users credentials, now go buy stuff impersonating the user).

    • 0