JavaScript Security issues Why scripts from other people can harm your website and its visitors

Help us to keep this website almost Ad Free! It takes only 10 seconds of your time:
> Step 1: Go view our video on YouTube: EF Core Bulk Extensions
> Step 2: And Like the video. BONUS: You can also share it!

Example

If you don't think that malicious scripts can harm your site, you are wrong. Here is a list of what a malicious script could do:

  1. Remove itself from the DOM so that it can't be traced
  2. Steal users' session cookies and enable the script author to log in as and impersonate them
  3. Show a fake "Your session has expired. Please log in again." message that sends the user's password to the script author.
  4. Register a malicious service worker that runs a malicious script on every page visit to that website.
  5. Put up a fake paywall demanding that users pay money to access the site that actually goes to the script author.

Please, don't think that XSS won't harm your website and its visitors.



Got any JavaScript Question?