19:["$","div",null,{"className":"bg-theme dark:bg-gray-1400 h-dvh w-dvw flex flex-col","children":[["$","a",null,{"href":"#main-content","className":"absolute left-4 top-0 focus-visible:top-4 bg-blue-700 text-white rounded-4 text-xs p-4 z-50 transform -translate-y-full focus-visible:translate-y-0 otransition","children":"Skip to main content"}],"$L36","$L37",["$","div",null,{"role":"main","id":"main-content","className":"relative overflow-y-auto items-center flex flex-col","tabIndex":-1,"children":[["$","div",null,{"className":"max-w-[62.5rem] w-full pt-24 lg:pt-48 px-20 md:px-24","children":["$","$L38",null,{"rootHref":"/learn/course-paths?courseSlug=a03-injection&unitSlug=form-data-injection-understanding-and-mitigating-vulnerabilities-1","pathBreadcrumb":{"key":"271","title":"OWASP Top 10 & Common Attack Vectors with TypeScript (1-5)","href":"/learn/paths/owasp-top-10-common-attack-vectors-with-typescript-1-5"},"courseBreadcrumb":{"key":"1195","title":"A03: Injection","href":"/learn/courses/a03-injection","options":[{"key":"1192","href":"/learn/courses/a01-broken-access-control-1","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/daf8b44f-5fcb-4b87-87c8-d0c934c01eab_optimized.jpg","numLessons":5,"numPractices":17,"active":false,"label":"A01: Broken Access Control","completedAt":"$undefined","completionRatio":"$undefined"},{"key":"1168","href":"/learn/courses/a02-cryptographic-failures-1","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/19deb78c-6432-452d-a0c3-2b67c53c7257_optimized.jpg","numLessons":4,"numPractices":11,"active":false,"label":"A02: Cryptographic Failures","completedAt":"$undefined","completionRatio":"$undefined"},{"key":"1195","href":"/learn/courses/a03-injection","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/6e5fbf9f-5d31-42d3-97e5-b408e5d70101_optimized.jpg","numLessons":4,"numPractices":14,"active":true,"label":"A03: Injection","completedAt":"$undefined","completionRatio":"$undefined"},{"key":"1196","href":"/learn/courses/a04-insecure-design","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/fc435ffb-da41-44ec-a705-f8b1f94c2a05_optimized.jpg","numLessons":5,"numPractices":14,"active":false,"label":"A04: Insecure Design","completedAt":"$undefined","completionRatio":"$undefined"},{"key":"1197","href":"/learn/courses/a05-security-misconfiguration","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/4c69d686-87e6-4092-9c73-4846b111193e_optimized.jpg","numLessons":4,"numPractices":12,"active":false,"label":"A05: Security Misconfiguration","completedAt":"$undefined","completionRatio":"$undefined"}]},"lessonBreadcrumb":{"key":"7271","title":"XSS Injections","options":[{"key":"7269","href":"/learn/courses/a03-injection/lessons/introduction-to-injection-vulnerabilities","active":false,"label":"Introduction to Injection Vulnerabilities","completedAt":"$undefined"},{"key":"7270","href":"/learn/courses/a03-injection/lessons/query-parameter-injection-understanding-and-mitigation","active":false,"label":"SQL Injections","completedAt":"$undefined"},{"key":"7271","href":"/learn/courses/a03-injection/lessons/form-data-injection-understanding-and-mitigating-vulnerabilities-1","active":true,"label":"XSS Injections","completedAt":"$undefined"},{"key":"7272","href":"/learn/courses/a03-injection/lessons/command-injection-in-file-processing-1","active":false,"label":"Command Injections","completedAt":"$undefined"}]}}]}],["$","div",null,{"className":"max-w-[62.5rem] w-full pt-24 pb-60 px-20 md:px-24 space-y-32 md:space-y-48","children":[["$","div",null,{"className":"mx-auto h-[12rem] w-[21.25rem] md:h-[25.5rem] md:w-[45rem] lg:h-[33.5rem] lg:w-[59.5rem] shrink-0","children":["$","$L39",null,{"src":"https://k3-production-bucket.s3.amazonaws.com/uploads/3ff207d4-770d-4d3c-bbd9-6938ae45ac60_combined_video.mp4","thumbnailUrl":"https://k3-production-bucket.s3.amazonaws.com/uploads/d4820b0a-5b60-4e92-b4d6-2d743315616f_slide-1.png","mimeType":"video/mp4","speed":1,"forcePause":false}]}],[["$","div","39170",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Introduction"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["Welcome back! In this lesson, we will explore the concept of ",["$","em","em-0",{"children":"XSS injection"}],", a critical security vulnerability in web applications. Understanding this topic is essential for building secure applications and protecting user data. XSS injection occurs when attackers exploit improperly handled inputs to inject malicious JavaScript code that executes in users' browsers."]}],"\n",["$","p","p-1",{"children":"This lesson will guide you through the process of identifying, exploiting, and mitigating XSS injection vulnerabilities. Let's dive in! 🚀"}]]}]]}],["$","div","39171",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Understanding XSS Injection"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":"XSS injection is a technique used by attackers to exploit vulnerabilities in web applications. When user inputs are not properly validated or sanitized, attackers can inject malicious JavaScript code that executes in other users' browsers. This can lead to unauthorized access, data breaches, and even session hijacking. In our example, we'll examine a code snippet preview component that's vulnerable to XSS attacks. This component is designed to display HTML content, which is commonly used in applications like code sharing platforms, content management systems, or any system that needs to render formatted text or code examples."}],"\n",["$","p","p-1",{"children":"Now, let's look at how this vulnerability manifests in a real component."}]]}]]}],["$","div","39172",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Vulnerable Component Example"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":"Our example focuses on a React component that's designed to preview HTML content. This type of component might be used in a code-sharing platform where users can share and preview code snippets:"}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"typescript","onClickPlay":"$undefined","display":"block","children":"function Preview({ content }: PreviewProps) {\n const previewRef = useRef(null);\n\n useEffect(() => {\n if (previewRef.current) {\n // Directly setting innerHTML without sanitization\n previewRef.current.innerHTML = content;\n }\n }, [content]);\n\n return

;\n}"}]}],"\n",["$","p","p-1",{"children":["This component is vulnerable because it directly sets the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"innerHTML"}]," property without any validation. The ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"innerHTML"}]," property is a powerful feature that allows rendering HTML content dynamically, but it can also execute any JavaScript code embedded within that HTML. This creates a significant security risk, as we'll see in the next section..."]}]]}]]}],["$","div","39173",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Exploiting the Vulnerability"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":"The vulnerability becomes particularly dangerous because the injected code will execute for anyone who views the snippet. This means if an administrator or privileged user views a malicious snippet, their session could be compromised. Here are two examples of how an attacker might exploit this vulnerability:"}],"\n",["$","p","p-1",{"children":"Example 1 - Simple Alert (Educational Purpose):"}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"bash","onClickPlay":"$undefined","display":"block","children":"curl -X POST http://localhost:3000/api/snippets \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer \" \\\n -d '{\n \"content\": \"

\",\n }'"}]}],"\n",["$","p","p-2",{"children":"This payload creates an image tag that intentionally fails to load (src=\"x\"), triggering the onerror event. When triggered, it shows an alert containing the user's session cookie."}],"\n",["$","p","p-3",{"children":"Example 2 - Data Theft (Real Attack Scenario):"}],"\n",["$","div","pre-1",{"className":"my-24","children":["$","$L3a",null,{"language":"bash","onClickPlay":"$undefined","display":"block","children":"curl -X POST http://localhost:3000/api/snippets \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOjEsImlhdCI6MTc0MTA4ODMwN30.OLJKTPuwoZqE5W6ZMrNJPbxwr060UiCNZnJn8bhvKtE\" \\\n -d '{\n \"title\": \"Helpful Code Example\",\n \"content\": \"

\",\n \"language\": \"javascript\"\n }'"}]}],"\n",["$","p","p-4",{"children":"This more sophisticated attack appears harmless with a \"Loading...\" message, but secretly sends the viewer's session cookie to the attacker's server. If an administrator views this snippet, their privileged session could be hijacked."}],"\n",["$","p","p-5",{"children":"Now that we understand the severity of these vulnerabilities, let's look at how we can protect against them using a dual-layer approach with both client-side and server-side sanitization..."}]]}]]}],["$","div","39174",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Client-Side Protection with DOMPurify"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":"DOMPurify is a modern HTML sanitizer specifically designed for client-side protection against XSS attacks. It's particularly effective in browser environments and provides immediate protection for rendered content."}],"\n",["$","p","p-1",{"children":"Here's how we implement it in our Preview component:"}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"typescript","onClickPlay":"$undefined","display":"block","children":"import DOMPurify from 'dompurify';\n\nfunction Preview({ content }: PreviewProps) {\n const previewRef = useRef(null);\n\n useEffect(() => {\n if (previewRef.current) {\n // DOMPurify will:\n // 1. Remove dangerous tags (