Tutorial by Examples

Let's say Joe owns a website that allows you to log on, view puppy videos, and save them to your account. Whenever a user searches on that website, they are redirected to https://example.com/search?q=brown+puppies. If a user's search doesn't match anything, then they see a message along the lines ...
Let's say that Bob owns a social website that allows users to personalize their profiles. Alice goes to Bob's website, creates an account, and goes to her profile settings. She sets her profile description to I'm actually too lazy to write something here. When her friends view her profile, this co...
Let's say that Bob owns a site that lets you post public messages. The messages are loaded by a script that looks like this: addMessage("Message 1"); addMessage("Message 2"); addMessage("Message 3"); addMessage("Message 4"); addMessage("Message 5"...
If you don't think that malicious scripts can harm your site, you are wrong. Here is a list of what a malicious script could do:
- Remove itself from the DOM so that it can't be traced
- Steal users' session cookies and enable the script author to log in as and impersonate them
- Show a fake "Yo...
Let's say that whenever someone visits a profile page in Bob's website, the following URL is fetched: https://example.com/api/users/1234/profiledata.json With a response like this: { "name": "Bob", "description": "Likes pie & security holes."...
