Skip to main content

Documentation Index

Fetch the complete documentation index at: https://blacklab.windmotion.io/llms.txt

Use this file to discover all available pages before exploring further.

Cross-Site Scripting (XSS) is a vulnerability where an attacker injects malicious scripts into your web pages, which are then executed in users’ browsers.

Example attack

<input value="<script>alert('Hacked!')</script>">
If the app renders this input without proper sanitization, the script runs in the browser.

How BlackLab helps

BlackLab’s XSS plugin detects and blocks attempts to inject scripts, including: <script> tags Event handlers like onclick, onerror, onmouseover, etc. Encoded payloads (%3Cscript%3E) Example configuration: 

BlackLab.configure do |config|
  config.plugins = [
    BlackLab::Plugins::XssPlugin.new(weight: 3)
  ]
end
XSS can steal user sessions or manipulate content in the browser. BlackLab stops malicious scripts before they reach your users.