JavaScript Security Issues

Why scripts from other people can harm your website and its visitors


If you don't think that malicious scripts can harm your site, you are wrong. Here is a list of what a malicious script could do:

  1. Remove itself from the DOM so that it can't be traced.
  2. Steal users' session cookies, enabling the script author to log in as those users and impersonate them.
  3. Show a fake "Your session has expired. Please log in again." message that sends the user's password to the script author.
  4. Register a malicious service worker that runs a malicious script on every page visit to that website.
  5. Put up a fake paywall demanding that users pay to access the site, with the money actually going to the script author.

Please, don't think that XSS won't harm your website and its visitors.
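
Item 2 works only for cookies that page scripts can read through `document.cookie`, which is every cookie set without the `HttpOnly` attribute. The following check is an added example, not code from the original page: it audits a site's `Set-Cookie` headers for session-like cookies that an injected script could read. The sample headers are constructed, and the name pattern and the function names `parseSetCookie` and `auditCookies` are assumptions made for illustration.

```javascript
// Added example: find session-like cookies that any script on the page can read.
// The header values below are constructed sample data, not from a real site.
const SAMPLE_SET_COOKIE = [
  "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "auth_token=eyJhbGciOi; Path=/",
  "theme=dark; Path=/; Max-Age=31536000",
  "SID=9f8e7d; Path=/; HTTPONLY; Secure",
];

// Assumption: cookie names matching this pattern carry session or login state.
const SENSITIVE_NAME = /(^|[-_])(sess(ion)?(id)?|sid|auth|token|jwt)([-_]|$)/i;

// Split one Set-Cookie header value into the cookie name and its attribute names.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((part) => part.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  // Attribute names are case-insensitive; keep only the key of "Key=Value".
  const flags = new Set(
    attrs.filter(Boolean).map((attr) => attr.split("=")[0].trim().toLowerCase())
  );
  return { name, flags };
}

// Return the names of sensitive cookies that lack HttpOnly, i.e. cookies a
// third-party or injected script could read and send elsewhere.
function auditCookies(headers) {
  const exposed = [];
  for (const header of headers) {
    const { name, flags } = parseSetCookie(header);
    if (SENSITIVE_NAME.test(name) && !flags.has("httponly")) {
      exposed.push(name);
    }
  }
  return exposed;
}

// HttpOnly only blocks reading the cookie (item 2). A script running in the
// page can still do everything else on the list above.
console.log("Script-readable session cookies:", auditCookies(SAMPLE_SET_COOKIE));
```
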