JavaScript Why scripts from other people can harm your website and its visitors


If you don't think that malicious scripts can harm your site, you are wrong. Here is a list of what a malicious script could do:

  1. Remove itself from the DOM so that it can't be traced
  2. Steal users' session cookies and enable the script author to log in as and impersonate them
  3. Show a fake "Your session has expired. Please log in again." message that sends the user's password to the script author.
  4. Register a malicious service worker that runs a malicious script on every page visit to that website.
  5. Put up a fake paywall demanding that users pay money to access the site that actually goes to the script author.

Please, don't think that XSS won't harm your website and its visitors.