Cross site scripting attacks and same origin policy

前端 未结 2 1599
感情败类
感情败类 2021-02-06 04:46

I am familiar with the persistent and non-persistent XSS. I also know about Same origin policy that prevents/restricts requests originating from one websites page to go to anoth

2条回答
  •  予麋鹿
    予麋鹿 (楼主)
    2021-02-06 05:22

    SOP typically cannot prevent either XSS or CSRF.

    For XSS, jakber's answer already provides a good explanation. I just want to add that the reason to call this vulnerability "cross-site" is because the attacker can inject code (e.g.

提交回复
热议问题