Member-only story
Cross-Site Scripting (XSS) is a type of security vulnerability that has been around since the early days of the World Wide Web. XSS allows an attacker to inject malicious code into a web page viewed by other users, potentially compromising sensitive information and enabling a range of malicious activities.
The history of XSS can be traced back to the late 1990s, when the first XSS attacks were reported. At that time, web applications were relatively simple and did not have many of the security features that are common today. As a result, XSS vulnerabilities were relatively easy to exploit, and attackers quickly began using these weaknesses to launch attacks.
In 2000, the first academic paper on XSS was published, highlighting the dangers of these vulnerabilities and the need for improved security measures. The paper discussed several types of XSS attacks, including stored XSS (where the malicious payload is stored on the web server), reflected XSS (where the payload is executed as a result of user input), and DOM-based XSS (where the payload is executed as a result of changes to the Document Object Model).
Over the next several years, XSS attacks became more sophisticated and widespread, and security researchers began developing methods to protect against these attacks. In 2005, the first Content Security Policy (CSP) was proposed as a way to…
