What is XSS?
XSS stands for Cross-Site Scripting. No matter what technology you used to develop your web application, an XSS attack can be performed on any website that has no protection against this kind of attack.
XSS does not affect your application if your application does not need any kind of database.
I know you can count such applications on your fingers, but this blog will help you find the solution to this problem and stop your users from injecting any XSS.
How Can an Attacker Compromise Your Website?
This question is quite difficult to explain, but here is the full explanation, so stay tuned.
When we talk about websites, there is practically no way to build one without JavaScript (JS). You can, but then your website will be interpreted in JavaScript.
Exactly: this means XSS uses JavaScript to put malicious code into your web app.
If you don't have any knowledge of JavaScript, we will add some information about JavaScript as well. But for now, let's talk about how an attacker can compromise your application.
As shown in the example below, a user or an attacker can compromise your web application.
How can you prevent your application from this kind of attack?
Suppose you are building a website in Angular. To secure your application, you need to download a package named “xss” from the official “npm” website, or you can use the following link:
https://www.npmjs.com/package/xss
Now, to install this package, navigate to your project as shown in the figure below.
As soon as the package is installed, create a class in your project directory (where your AppComponent.ts file exists).
Right-click on your app folder (in the SRC folder) → click New File → name it “injection-avoider.ts”.
In that file you need to write the two lines given below.
As soon as you have created this file, add the following code to it.
Now move back to your “app.component.ts” file, or whichever file you want to add these security checks to.
Step 1: Add an import statement to your file.
Step 2: Make an instance of the class “InjectionAvoider”.
Step 3: Make a function named avoidXss, as shown in the figure below.
Step 4: Call the above function wherever you need to run the security check (generally this is done when the form is about to be submitted).
Step 5: Add two text fields to your HTML file.
Step 6: Testing
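The steps above, sketched as an added example; this is not the original post's code, which is missing from the page. The class and function names follow the steps, while `escapeHtml`, `checkForm`, `FieldReport` and the sample form are assumptions made here. `escapeHtml` stands in for the package's filter so the block runs without dependencies; in the Angular project, pass `filterXSS` from the “xss” package to the constructor instead.

```typescript
// injection-avoider.ts (added example, not the original post's code)

// A filter takes untrusted text and returns a version safe to place in HTML.
type HtmlFilter = (input: string) => string;

// Stand-in filter (assumption): entity-escapes the five HTML metacharacters.
const HTML_ENTITIES: Record<string, string> = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(input: string): string {
  return input.replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch] ?? ch);
}

// Per-field result (hypothetical shape): the filtered value and whether it changed.
interface FieldReport { field: string; clean: string; modified: boolean; }

class InjectionAvoider {
  private readonly filter: HtmlFilter;
  constructor(filter: HtmlFilter = escapeHtml) { this.filter = filter; }

  // Run one untrusted value through the configured filter.
  sanitize(value: string): string {
    return this.filter(value);
  }

  // Filter every field of a submitted form and record which ones the filter altered.
  checkForm(form: Record<string, string>): FieldReport[] {
    return Object.keys(form).map((field) => {
      const raw = form[field] ?? "";
      const clean = this.sanitize(raw);
      return { field, clean, modified: clean !== raw };
    });
  }
}

// Steps 3 and 4: call this before submitting; true means no field was altered.
function avoidXss(avoider: InjectionAvoider, form: Record<string, string>): boolean {
  return avoider.checkForm(form).every((report) => !report.modified);
}

// Step 5: constructed sample values standing in for the two text fields.
const sampleForm: Record<string, string> = {
  name: "Alice",
  comment: "<script>alert(1)</script>",
};
const avoider = new InjectionAvoider();
console.log(avoidXss(avoider, sampleForm) ? "submit" : "rejected");
```

With the stand-in filter, any value containing `&`, `<`, `>` or a quote is reported as modified, so a stricter or looser filter changes which inputs are rejected. Angular's template interpolation still escapes values on output, and this check is an additional layer in front of it.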