Cross-Site Scripting (XSS) is a vulnerability in which an attacker injects script into pages your application serves; the script then runs in other users' browsers with the full privileges of your site's origin.
Example attack
<input value="<script>alert('Hacked!')</script>">
If the app echoes this submitted value into the page as raw HTML instead of escaping it (so that < becomes &lt; and > becomes &gt;), the browser parses the script element as markup and executes it.
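The vulnerable rendering beside its hardened form, as an added example that is not part of the BlackLab documentation or the gem's code. The helper names are hypothetical, the payload is the one from the snippet above, and only the Ruby standard library is used:

```ruby
# Added example (not BlackLab code): the same reflected value rendered
# unsafely and safely. Function names are hypothetical.
require "erb"

# Constructed attacker input, taken from the page's example.
PAYLOAD = "<script>alert('Hacked!')</script>"

# Vulnerable: the submitted value is interpolated into the page as-is,
# so the browser parses <script> as markup and executes it.
def render_unsafe(value)
  "<p>You searched for: #{value}</p>"
end

# Hardened: contextual output encoding. The value is HTML-escaped before
# it reaches the document, so < and > become &lt; and &gt; and the
# browser displays the text instead of running it.
def render_safe(value)
  "<p>You searched for: #{ERB::Util.html_escape(value)}</p>"
end

# Attribute context, as in the page's <input value="..."> snippet: the
# escaping must also cover the quote character, otherwise a value such as
# "><script>... would close the attribute and break out into markup.
def render_attribute_safe(value)
  %(<input value="#{ERB::Util.html_escape(value)}">)
end

if __FILE__ == $PROGRAM_NAME
  puts render_unsafe(PAYLOAD)
  puts render_safe(PAYLOAD)
  puts render_attribute_safe('">' + PAYLOAD)
end
```

Note that the fix is output encoding chosen for the context the value lands in (HTML body, attribute, JavaScript, URL), not input "sanitization": the same string can be harmless in one context and executable in another.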
How BlackLab helps
BlackLab's XSS plugin detects and blocks attempts to inject scripts, including:
<script> tags
Inline event handlers such as onclick, onerror and onmouseover
URL-encoded payloads such as %3Cscript%3E, which decodes to <script>
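To make the three categories concrete, here is an added example of a minimal request-parameter check that covers them; it is illustrative code written for this page, not BlackLab's plugin implementation, and every name in it is hypothetical. It uses only the Ruby standard library and a constructed set of request parameters:

```ruby
# Added example (not BlackLab code): signature checks for the three
# categories listed above. Names are hypothetical.
require "cgi"

SCRIPT_TAG    = /<\s*script\b/i
EVENT_HANDLER = /\bon[a-z]+\s*=/i   # onclick=, onerror=, onmouseover=, ...

MAX_DECODE_ROUNDS = 3

# Undo URL encoding until the value stops changing (bounded), so that
# %3Cscript%3E and the double-encoded %253Cscript%253E are both seen
# as <script> by the regexes below.
def normalize(value)
  current = value.to_s
  MAX_DECODE_ROUNDS.times do
    decoded = CGI.unescape(current)
    break if decoded == current
    current = decoded
  end
  current
end

# Returns the matched category (:script_tag or :event_handler) or nil.
def xss_signature(value)
  text = normalize(value)
  return :script_tag if text.match?(SCRIPT_TAG)
  return :event_handler if text.match?(EVENT_HANDLER)
  nil
end

# Scans every parameter of a request; returns [name, category] pairs
# for the parameters that should be blocked.
def scan_params(params)
  params.filter_map do |name, value|
    category = xss_signature(value)
    [name, category] if category
  end
end

# Constructed sample request parameters.
SAMPLE_PARAMS = {
  "q"       => "<script>alert('Hacked!')</script>",      # plain script tag
  "name"    => "%3Cscript%3Ealert(1)%3C/script%3E",       # URL-encoded
  "bio"     => "<img src=x onerror=alert(1)>",            # event handler
  "comment" => "I love oneliners and onion soup",         # benign, no hit
}

if __FILE__ == $PROGRAM_NAME
  scan_params(SAMPLE_PARAMS).each { |name, cat| puts "#{name}: #{cat}" }
end
```

Two caveats a practitioner should keep in mind with any signature filter of this kind: normalization has to be bounded and applied before matching (decoding once misses double-encoded input, decoding forever is a denial-of-service vector), and the regexes only catch payload shapes they were written for, so the application must still escape output in its templates.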
Example configuration:
BlackLab.configure do |config|
  config.plugins = [
    BlackLab::Plugins::XssPlugin.new(weight: 3)
  ]
end
XSS can steal user sessions or manipulate content in the browser. BlackLab stops malicious scripts before they reach your users. Treat the plugin as defense in depth: a request filter can only block payloads it recognizes, so keep escaping output in your templates regardless.