Lor-Saba / Code-Injector

WebExtension
GNU General Public License v3.0

create a community tab #29

Closed therohitdas closed 2 years ago

therohitdas commented 2 years ago

Create a community tab to show popular code snippets based on the current browser URL. This can help us share snippets with each other. Just an idea. Communities are really great and might help you earn in some way!

TobTobXX commented 2 years ago

Basically, XSS as a service? (XaaS?)

TobTobXX commented 2 years ago

MDN on Cross-site scripting (square brackets' content mine):

Cross-site scripting

Cross-site scripting (XSS) is a security exploit which allows [a snippet author] to inject into a website malicious client-side code. This code is executed by the victims and lets the attackers bypass access controls and impersonate users. According to the Open Web Application Security Project, XSS was the seventh most common Web app vulnerability in 2017.

These attacks succeed if the Web app does not employ enough validation or encoding. The user's browser cannot detect the malicious script is untrustworthy, and so gives it access to any cookies, session tokens, or other sensitive site-specific information, or lets the malicious script rewrite the HTML content.

Not fond of the idea.

therohitdas commented 2 years ago

okay okay, you just shitted on my idea LOL, closing this issue!

TobTobXX commented 2 years ago

Sorry, that was indeed a bit rude. Didn't mean to talk you down. I could just tell that you didn't think about how this could be abused (which happens to everyone when they're excited). I can absolutely understand your PoV, but I just had another that seemed quite relevant too.

Thanks for your enthusiasm and have a nice day!

TobTobXX commented 2 years ago

Now that I think about it... That's basically what browser extensions are though: XaaS.