Welcome to the Web Vulnerability Examples repository! This project provides example code for various web vulnerabilities, including stored, reflected, and DOM-based XSS attacks, along with their mitigation strategies.
This repository aims to educate developers about common web vulnerabilities and how to mitigate them. Each vulnerability type contains multiple examples with accompanying explanations.
- Example 1: A simple HTML page lets the user select their preferred language from a dropdown menu. The default language can be set with a query parameter in the URL. The parameter's value is read from the URL and written straight into the page with `document.write`, so a crafted value is parsed as HTML and any script it carries runs in the victim's browser: a DOM-based XSS.
- Mitigation Examples:
  - Mitigation 1: Uses `textContent` instead of `document.write` to update the DOM safely; the value is inserted as a text node and never reaches the HTML parser.
  - Mitigation 2: Uses DOMPurify to sanitize the input, ensuring that any potentially harmful scripts are removed before it is inserted into the DOM.
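The pattern behind Example 1 and its `textContent` fix, as an added illustration that is not code from this repository. It runs outside a browser: `document.write` is represented by the string the vulnerable path would hand to it, the element passed to the fixed path is any object with a `textContent` property, and the function names, the `lang` parameter name, the list of supported languages and the payload are all assumptions constructed for the example. It goes one step past the page's two mitigations by also validating the parameter against a fixed allow-list, which is the right control when the value can only ever be one of a few known codes.

```javascript
// Added example (not from the repository): the DOM-based XSS in Example 1
// beside its textContent fix and an allow-list check. All names below are
// assumptions made for the illustration.

// Assumed allow-list of languages the dropdown actually offers.
const SUPPORTED_LANGS = ["en", "de", "fr", "es"];

// Constructed attacker URL: ?lang=<img src=x onerror=alert(1)>
const PAYLOAD_SEARCH = "?lang=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E";

// Read the `lang` query parameter from a location.search-style string.
// Returns null when the parameter is absent.
function getLangParam(search) {
  return new URLSearchParams(search).get("lang");
}

// VULNERABLE: builds the markup the original page hands to document.write().
// The parameter is interpolated unescaped, so the browser's HTML parser
// turns `<img src=x onerror=alert(1)>` into a live element and runs the
// onerror handler. (Returned as a string here so it can be inspected
// without a browser.)
function renderLangVulnerable(search) {
  const lang = getLangParam(search) ?? "en";
  return `<p>Default language: ${lang}</p>`;
}

// MITIGATION 1: assign the value as text, not markup. A text node is never
// parsed as HTML, so the payload shows up on screen as literal characters.
// `el` is any element-like object with a textContent property.
function renderLangTextContent(search, el) {
  const lang = getLangParam(search) ?? "en";
  el.textContent = `Default language: ${lang}`;
  return el.textContent;
}

// STRICTER (added, not one of the page's mitigations): the parameter can only
// legitimately be one of a few known codes, so validate it against that set
// and fall back to the default for anything else. For a closed set of values
// this is preferable to sanitizing, because nothing attacker-shaped ever
// reaches a DOM sink at all.
function selectLangAllowlisted(search) {
  const lang = getLangParam(search);
  return SUPPORTED_LANGS.includes(lang) ? lang : "en";
}

// Stand-alone demonstration.
function demo() {
  const stubElement = { textContent: "" };
  return {
    vulnerable: renderLangVulnerable(PAYLOAD_SEARCH),
    asText: renderLangTextContent(PAYLOAD_SEARCH, stubElement),
    allowlisted: selectLangAllowlisted(PAYLOAD_SEARCH),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demo());
}
```

Mitigation 2 (DOMPurify) only matters when the page genuinely has to accept HTML from the parameter; `DOMPurify.sanitize(value)` returns markup that is then assigned to a sink such as `innerHTML`. A language code never needs markup, so for this particular example the allow-list above, or `textContent`, is the smaller and safer change.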
We welcome contributions! Please see CONTRIBUTING.md for guidelines.
This project is licensed under the MIT License. See the LICENSE file for details.