This project demonstrates the danger of Reflected XSS attacks. There are 4 inputs:
1. Uses insecure `innerHTML` - unsafe
2. Uses secure `textContent` - supersafe
3. Uses sanitization with the `template` tag and exclusion of unsafe attributes (like `DOMPurify`), but no more (exposed to the Reflected XSS attack that Google Search had in 2018-2019 and was fixed here) - semisafe
4. The problem in item 3 has been fixed by using `XMLSerializer` - safe
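
The difference between inputs 3 and 4 comes down to how the sanitized tree is turned back into a string. The block below is an added illustration, not code from this repository: it writes out by hand the attribute-escaping rules of HTML serialization (`innerHTML`, as specified in 2018-2019) and of XML serialization (`XMLSerializer`), so the comparison runs without a DOM. All function names and the sample value are hypothetical.

```javascript
// Added illustration, not code from this repository. All names are hypothetical.
// Attribute-value escaping under the two serializers, written out by hand so
// it runs without a DOM.

// HTML fragment serialization (innerHTML) as specified in 2018-2019:
// inside attribute values only &, U+00A0 and " are replaced.
function escapeAttrHtml(value) {
  return value
    .replace(/&/g, '&amp;')
    .replace(/\u00A0/g, '&nbsp;')
    .replace(/"/g, '&quot;');
}

// XML serialization (XMLSerializer): < and > are replaced as well.
function escapeAttrXml(value) {
  return value
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Both serializers escape &, < and > in text nodes.
function escapeText(value) {
  return value.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Serialize a minimal element model { tag, attrs, text }. Simplification:
// the xmlns attribute a real XMLSerializer adds is left out.
function serialize(node, escapeAttr) {
  const attrs = Object.entries(node.attrs)
    .map(([name, value]) => ` ${name}="${escapeAttr(value)}"`)
    .join('');
  return `<${node.tag}${attrs}>${escapeText(node.text)}</${node.tag}>`;
}

// True when a quoted attribute value still contains a literal < or >.
function attrHasRawAngleBracket(serialized) {
  return /="[^"]*[<>][^"]*"/.test(serialized);
}

// Constructed sample: harmless text with characters that need escaping.
const SAMPLE = { tag: 'p', attrs: { title: 'a <b> "c" & d' }, text: '1 < 2' };

for (const [label, esc] of [['innerHTML', escapeAttrHtml], ['XMLSerializer', escapeAttrXml]]) {
  const out = serialize(SAMPLE, esc);
  console.log(label.padEnd(14), out, 'raw <> in attribute:', attrHasRawAngleBracket(out));
}
```

With XML-style escaping, a later HTML parse of the output finds no literal `<` inside an attribute value, whatever parsing mode it is in.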
- Clone or download the repo
- Browse the downloaded directory
- Install dependencies through `npm`: `npm i`

Development frontend build & backend refresh: `npm run fullstack:dev`

Production frontend build & backend refresh: `npm run fullstack:build`