Lecture 21: Cross-Site Scripting (XSS)
Intro to XSS, Review
Real-world XSS Attacks
(True/False) Reflected XSS requires the victim to visit a malicious link crafted by the attacker, but Stored XSS does not.
Consider an escaper that finds all instances of
</script> in user input and removes them. Can an attacker still perform an XSS attack with
<script> tags? If yes, write a malicious input that would bypass this escaping function. If no, explain why.