What Exactly Is XSS?
The second type is the Stored XSS whereby the perpetrator fetches a non-sanitized input from the website’s database. However, the fetched value is a script that still runs from the client’s browser (Wang et al., 2018). The third type is the DOM-based XSS whereby the targeted malicious input from the client is never sent to the database, thus allowing the perpetrator to access the data from the client’s browser.
Preventive Measures & Techniques
Ahmed, M., & Ali, F. (2016). Multiple-Path Testing For Cross Site Scripting Using Genetic Algorithms. Journal Of Systems Architecture, 64, 50–62. DOI: 10.1016/j.sysarc.2015.11.001; Retrieved from https://bit.ly/2DZpg6G
Marashdih, A., & Zaaba, Z. (2017). Cross Site Scripting: Removing Approaches in Web Application. Procedia Computer Science, 124, 647–655. DOI: 10.1016/j.procs.2017.12.201; Retrieved from https://bit.ly/2PfbtKq
Wang, R., Xu, G., Zeng, X., Li, X., & Feng, Z. (2018). TT-XSS: A Novel Taint Tracking Based Dynamic Detection Framework For DOM Cross-Site Scripting. Journal Of Parallel And Distributed Computing, 118, 100–106. DOI: 10.1016/j.jpdc.2017.07.006; Retrieved from https://bit.ly/2CswRJv