
    What is Cross-Site Scripting?

    In this blog, we will learn about cross-site scripting. Let’s start with what cross-site scripting is.

    What is Cross-Site Scripting?

    Cross-Site Scripting (XSS) allows an attacker to damage your existing project or take advantage of it. XSS is possible whenever an attacker has scope to insert unauthorized JavaScript, VBScript, HTML, or other active content into a web page. It can expose confidential data to the attacker, which may result in the loss of valuable information.

    What are the Types of XSS Attacks?

    There are the following types of XSS attacks:

    Stored XSS: This arises when we give end users a platform through which the information they provide is saved to the database. It gives the attacker an opening to harm our system and steal valuable information, making us vulnerable.

    Reflected XSS: Malicious input that is sent through a URL parameter and reflected in the page is reflected XSS.

    DOM-based XSS: This refers to making changes to the DOM on the client side. The server-side web page does not change, but it executes in a way that was not intended.

    Impact of XSS

    XSS has the following impacts:

    1) Arbitrary Requests: The attacker can use XSS to send requests to get information from the user's end.
    2) Malware Download: Sometimes we receive spam mail through which malware could be downloaded.
    3) Log Keystrokes: The attacker could capture keystrokes to obtain a username and password and log in later.


    Let us visualize the concept of XSS in Salesforce through an example. Create a new Visualforce page and write the following code:

    As you can see, the current page parameter “param” is reflected in the page. Let us pass a string parameter, for example ‘account’, through the URL as follows:

    We will get the desired output:

    Now let us pass an incorrect parameter as follows:

    We will get the distorted output:

    The example shared above is a case of Reflected XSS.
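
    The reflection described above, modelled in plain JavaScript as an added example (it is not the original post's Visualforce code): a page template echoes the `param` query parameter once as-is and once HTML-encoded. The URL, the template and all function names are constructed for illustration.

```javascript
// Added example; the URL, page template and function names are constructed.

// Encode the characters that let text break out of an HTML element or a
// quoted attribute value.
function htmlEncode(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read "param" from a request URL (empty string when it is absent).
function getParam(requestUrl) {
  return new URL(requestUrl).searchParams.get('param') ?? '';
}

// Vulnerable: the parameter is concatenated into the markup unchanged,
// so any tags it carries become part of the page.
function renderUnsafe(requestUrl) {
  return `<div id="out">Showing: ${getParam(requestUrl)}</div>`;
}

// Hardened: the parameter is encoded for the HTML context it lands in,
// so the browser displays it as text.
function renderSafe(requestUrl) {
  return `<div id="out">Showing: ${htmlEncode(getParam(requestUrl))}</div>`;
}

// Regression check: true when a value containing markup characters
// appears verbatim (unencoded) in the rendered page.
function reflectsRawMarkup(html, rawValue) {
  return /[<>"']/.test(rawValue) && html.includes(rawValue);
}

const base = 'https://example.invalid/apex/demo'; // constructed URL
const benign = `${base}?param=account`;
const markup = `${base}?param=${encodeURIComponent('<h1>account</h1>')}`;

for (const url of [benign, markup]) {
  console.log('unsafe:', renderUnsafe(url));
  console.log('safe:  ', renderSafe(url));
}
```

    For the plain value both renderers produce the same page; for the value carrying markup only the encoded version keeps the page structure intact.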


    That’s all for cross-site scripting. Still, if you have any issues, feel free to add a ticket and let us know your views to make it better.

