Cross-Site Scripting Explained with Examples and How to Prevent XSS with Content Security Policy

What websites let you just store things on them like that?

Great Explanation

Hello Hussein after going through video , I realised that it was you . I have watched most of your content on the design

So you mean that if we do use CSP XSS can't be injected, right ?

Mahn! Incredibly fun to watch! Love your content bro

Anybody know how to check if a given website has xss header enabled using pyhton.

Very helpful ser!! 🙏🌹❤

stupid tutorial and English

How to implement in struts

Thank you for saying SHE and including us ✨ 🙌🏽 ✨ women hack & code too (:

Does xss protection header prevents DOM xss

the edvotise was so greate "click here to Boost your CPU"🤣🤣🤣

this is so easily digestable! thank you

thanks for the nice explaining it was very enjoyable.

awesome

great

We appreciate your efforts

<script> alert("Mad")</script>

Awesome Demo thank's

ও মামা।
Amazing explanation!

It's very informative!

Great explanation, thanks!

Wow!!
Very informative. I lean new things again in less time.... It will help me a lot to prevent outside to come in to my server scripts.

Thank you Naseer ! This is very helpful

if it is a dynamic website, is it okay to put the main homepage link in?

Awesome made it all clearer 🙏

XSS babes!

hi hussein

I need you help/info related to one issue
We have in java code like below
String hname = request.getRemoteName(); // this line is showing issue in Fortify scan
can you help me how to validate the hname?

I used with ESAPI input validator but it could not remediate it. Please help

Great video Hussein!

<script>alert(test attack);</script>

joss

Hi Hussain.Your content is awesome. Csp attributes get fails even though it has been configured correct url.can u help me out?

شكرا جدا عالشرح الواضح

Such powerful stuff...

Oooooo Mama......... :D Your Accent/tone/speech/words/humor is just perfect. Thank you that i found you.

It was helpful, thank you

This is $$ Gold $$. Thank you so much. You earned a subscriber!

Thank you for a beautiful explanation sir. Actually interested in learning js btw found u on Udemy.

This + html ping to post form :)

Of course you could have mentioned the real problem and solution in the js code, distinguishing text from HTML encoded text. (Easier with typescript 😜) But good demo of the csp header.

You are the best explainer

Can u make a vid on modsecurity with Nginx