Cracking Websites with Cross Site Scripting - Computerphile
1,521,938
Published 2013-10-23
JavaScript is dangerous! Why? How are websites vulnerable to it? Find out about bug-bounties from Tom Scott.
More from Tom Scott: youtube.com/user/enyay and twitter.com/tomscott
www.facebook.com/computerphile
twitter.com/computer_phile
This video was filmed and edited by Sean Riley.
Computerphile is a sister project to Brady Haran's Numberphile. See the full list of Brady's video projects at: bit.ly/bradychannels
All Comments (21)
-
now, should we keep that end graphic? :)
-
That's Javascript! I'm gonna run that!!! -Quote of the year.
-
"That's JavaScript code! I'm gonna run that!" Gotta love the childlike enthusiasm of this personification of web browsers.
-
There's a comment in a Javascript project I worked on that says: [bunch of checks for user input] //You know, if the users could just be more considerate //I wouldn't have to do any of this.
-
html styling does not work in youtube comments. believe me
-
why in the world are you doing this in a hotel lobby?
-
The guy who found the Facebook vulnerability was actually rudely rejected by Facebook and got his well deserved money as donations!
-
I love Tom Scott's enthusiasm for this stuff!
-
Apparently HTML Works in YouTube Comments, judging by the large amount of bold comments Can I put bootstrap into my comments to make them look pretty?
-
"Which is not entiiiirely legal under the computer misuse act, but no one pressed charges" I didn't know he was such a rebel XD
-
In a very dark place that wouldn't let us use a light! - its the Renaissance Hotel at St Pancras, London >Sean
-
Another cool thing for input dropdowns, is changing the value of one of the
-
The ending doesn't have a dash because you are supposed to binge the next 20 Computerphile videos after it...
-
I love these videos because they explain how people have broken into webpages to re-write them, steal info, etc. You always hear how vulnerable stuff can be but never the specifics about how people get in. Great videos as usual, Brady!
-
I didn't understand a single word of what that guy just said but he's super engaging and the 8 minutes flew by.
-
Client side filtering is a good idea because it can make it easier on the legitimate user. E.g. tell them the phone number is invalid before they hit submit, saving them time. But client side prefiltering does not add any additional security. All inputs must be fully validated at the server. There is no guarantee that an attacker will be using a polite client that follows your prefiltering rules. An attacker can download the page and remove the rules.
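The point this comment makes, shown as an added example rather than anything from the video or the commenter: a server-side handler re-validates a phone field no matter what the client did, and HTML-escapes the rejected value before echoing it back, so a submission that skipped the client-side rules cannot slip markup into the page. The handler, the regex rule and the sample submissions are all constructed for this example.

```python
import html
import re

# Server-side validation rule. A client-side copy of this rule (if any) only
# improves the user experience; the server must re-check every submission,
# because an attacker can strip the client-side checks and post anything.
PHONE_RE = re.compile(r"^\+?[0-9]{7,15}$")


def normalize_phone(raw: str) -> str:
    """Strip the separators a human would type so '+44 20 7946 0958' and
    '+442079460958' compare equal before validation."""
    return re.sub(r"[\s().-]", "", raw)


def validate_phone(raw) -> tuple:
    """Return (ok, value). On success, value is the normalized number; on
    failure, value is a message safe to show to the user."""
    # Reject non-strings and oversized input before any regex work.
    if not isinstance(raw, str) or len(raw) > 64:
        return False, "phone number missing or too long"
    number = normalize_phone(raw)
    if not PHONE_RE.fullmatch(number):
        return False, "phone number must be 7-15 digits, optional leading +"
    return True, number


def handle_submission(form: dict) -> dict:
    """Hypothetical request handler for a form post (constructed example).
    Validates the field on the server and, when reflecting the submitted
    value back in an error page, HTML-escapes it so untrusted input is
    rendered as text rather than interpreted as markup."""
    submitted = form.get("phone", "")
    ok, value = validate_phone(submitted)
    if not ok:
        # Escape before reflecting: whatever the client sent is untrusted.
        shown = html.escape(str(submitted))
        return {"status": 400, "body": f"<p>Error: {value}: {shown}</p>"}
    return {"status": 200, "body": f"<p>Saved {value}</p>"}


if __name__ == "__main__":
    # Constructed submissions: one from a polite client that obeyed the
    # client-side rule, one with separators, one that bypassed the client
    # rule entirely and sent markup instead of a number.
    for sample in ["+44 20 7946 0958", "(020) 7946-0958", "<b>bold</b>"]:
        print(handle_submission({"phone": sample}))
```

Both layers stay in place: validation rejects anything that is not a plausible number, and escaping covers the case where the rejected value is shown to the user, so the server never trusts the client to have filtered for it.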
-
I love this guy's enthusiasm when explaining. Makes it more interesting.
-
bold slant strike Magic
-
Tom Scott is definitely my new favorite, especially considering all of Brady's other channels have slowed down. Tom is making a very good showing. Keep it up.
-
Tom explains this in 8 mins better than my Network security professor in an entire lecture