This course will be retired on June 1, 2025.
In the last video, we explored how XSS works in theory. Now, let's look at XSS in action and learn how to prevent it.
New Terms:
- Content Security Policy: a standard for declaring, through specific HTTP response headers, which resources a web app is allowed to load or run and which domains they may come from.
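As an added example (not code from the Treehouse course), the following Node.js snippet shows what a Content-Security-Policy header looks like when built from a set of directives, how it is attached to an HTTP response, and how a browser-style check decides whether a given script load is permitted. The policies, origins, and URLs are constructed for illustration; the function names are our own.

```javascript
// Added example, not part of the Treehouse course material.
// Demonstrates building, parsing and evaluating a Content-Security-Policy
// header. All policy values and URLs below are constructed for illustration.

// Serialise a directive map into the header value a browser expects, e.g.
// "default-src 'self'; script-src 'self' https://cdn.example.com"
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => `${name} ${sources.join(' ')}`)
    .join('; ');
}

// Parse a header value back into a directive map (inverse of buildCsp), so a
// policy received from a server can be inspected programmatically.
function parseCsp(header) {
  const directives = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    directives[tokens[0]] = tokens.slice(1);
  }
  return directives;
}

// Decide whether a script load is permitted by the policy. Covers the source
// expressions that matter for XSS defence: 'none', 'self', 'unsafe-inline',
// an exact origin, and an https wildcard host such as https://*.example.com.
// script-src falls back to default-src when absent, as the CSP spec requires.
// `script` is either { inline: true } or { src: 'https://host/path.js' }.
function isScriptAllowed(directives, pageOrigin, script) {
  const sources = directives['script-src'] || directives['default-src'] || [];
  if (sources.includes("'none'")) return false;
  if (script.inline) return sources.includes("'unsafe-inline'");
  const url = new URL(script.src);
  for (const source of sources) {
    if (source === "'self'" && url.origin === pageOrigin) return true;
    if (source.startsWith('https://*.')) {
      // "https://*.example.com" matches sub.example.com but not example.com itself
      const suffix = source.slice('https://*'.length); // ".example.com"
      if (url.protocol === 'https:' && url.hostname.endsWith(suffix) &&
          url.hostname.length > suffix.length) return true;
    } else if (source === url.origin) {
      return true;
    }
  }
  return false;
}

// Attach the policy to an outgoing response (Node's http.ServerResponse or
// anything exposing setHeader). Returns the header value that was set.
function applyCsp(res, directives) {
  const value = buildCsp(directives);
  res.setHeader('Content-Security-Policy', value);
  return value;
}

// Weak policy: 'unsafe-inline' means an injected <script> payload still runs.
const weakPolicy = { 'default-src': ["'self'", "'unsafe-inline'"] };

// Hardened policy: scripts only from the page's own origin and one named CDN;
// plugins are disabled outright.
const hardenedPolicy = {
  'default-src': ["'self'"],
  'script-src': ["'self'", 'https://cdn.example.com'],
  'object-src': ["'none'"],
};

// Walk-through with constructed values.
const pageOrigin = 'https://app.example.com';
const injectedInline = { inline: true };
const cdnScript = { src: 'https://cdn.example.com/lib.js' };
const thirdPartyScript = { src: 'https://evil.example.net/x.js' };

console.log('header:', buildCsp(hardenedPolicy));
console.log('inline script, weak policy:', isScriptAllowed(weakPolicy, pageOrigin, injectedInline));
console.log('inline script, hardened policy:', isScriptAllowed(hardenedPolicy, pageOrigin, injectedInline));
console.log('CDN script, hardened policy:', isScriptAllowed(hardenedPolicy, pageOrigin, cdnScript));
console.log('third-party script, hardened policy:', isScriptAllowed(hardenedPolicy, pageOrigin, thirdPartyScript));
```

The check in `isScriptAllowed` is a deliberately small model of what the browser does: it shows why dropping `'unsafe-inline'` is the single most effective CSP change against reflected and stored XSS, and why an allow-list of exact origins is safer than a broad wildcard.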
Further Reading:
- OWASP XSS Prevention cheat sheet
- Ngrok - A free service that lets you access locally-running web servers via a unique, registered domain name in a matter of seconds.
- SecurityHeaders.io
- Content Security Policy overview: Developer Tools
- Content Security Policy Node.js Library (and other security headers)
- Cross-Domain requests in JavaScript