Part 2: Client-side script security

Chapter 2: Browser security
1. Same-origin policy: division by domain;
2. Browser sandbox: allows untrusted code to run inside a sandbox for isolation;
3. Malicious URL interception: public organizations provide blacklists; EV digital certificates authenticate secure websites;
4. Rapidly developing browser security: browsers build in defenses based on the principle of XSS attacks, followed by security policies, but because browsers are designed to be user-friendly, the matching rules they set are often exploited by hackers;

Chapter 3: Cross-site scripting attacks (XSS)
1. Introduction to XSS
XSS refers to a hacker using HTML injection to tamper with a page and insert a malicious script, so that users use,
The first is reflected XSS.
Also known as non-persistent XSS; by enticing users to click on a link,
The second is stored XSS.
Chapter 4: Cross-site request forgery (CSRF)
Chapter 5: Clickjacking
Chapter 6: HTML5 security
White Hat Talks Security, study notes (II): client-side script security