XSS (Cross-Site Scripting)
// Definition
An attack where attacker-controlled JavaScript executes in another user's browser, usually because untrusted input is written into HTML without encoding for the context it lands in. Categories are reflected (the payload arrives with the current request), stored (the payload is persisted and served to later visitors) and DOM-based (client-side code writes untrusted data into the page). Mitigated by context-aware output encoding, with a strict Content Security Policy as a second layer.
// Why it matters
XSS injects attacker-controlled script into a page other users load; the script runs with the victim's session, so it can read what the page can read, perform actions as the victim, or deface the UI. For QA it is the canonical untrusted-input test: anywhere user input is later rendered (comments, display names, search terms reflected back, URL parameters written into the DOM) is a candidate. Stored XSS is the most dangerous variant because one malicious input poisons every viewer, including an admin who opens the record later.
// How to test
const payload = `<img src=x onerror="window.__xss=1">` // harmless marker instead of alert()
cy.visit('/profile/edit')
cy.get('[data-cy=display-name]').clear().type(payload)
cy.get('[data-cy=save]').click()
cy.visit('/profile') // reload the page where the stored value renders
cy.contains(payload) // retries until the value is on screen as escaped text
cy.get('img[src="x"]').should('not.exist') // no real <img> element was created from it
cy.window().should('not.have.property', '__xss') // the onerror handler must NOT have run
// Common mistakes
- Sanitising at storage time only and skipping output encoding (or vice-versa): data also reaches the page through imports, APIs and admin tools, so encode at render time, every time
- Escaping HTML but not JS/attribute/URL contexts (each needs its own encoding; a value that is safe as body text can still break out of an unquoted attribute or an inline event handler)
- Trusting a WYSIWYG/markdown field because "it's just formatting": rendered markdown is HTML, so it needs an allow-list sanitiser for tags and attributes, not just encoding
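Worked example for the context mistakes above, added here and not taken from the lesson: one user-controlled string is rendered into an HTML body, an unquoted attribute, an inline event handler and a URL, first with HTML escaping reused everywhere (the mistake) and then with one encoder per context. The function names, the greet() handler, the example.com URL and the payloads are invented for the illustration; the small entity decoder stands in for what the browser's HTML parser does to an attribute value before the JavaScript engine sees it.

```javascript
// Added example, not part of the lesson: the same user-controlled string
// rendered into four sinks, with one encoder per context. Function names
// (encodeHtml, encodeAttr, encodeJsString, safeHref, greet) are made up here.

// HTML body text: escape the five characters that carry meaning in markup.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// HTML attribute value: entity-encode everything except [A-Za-z0-9], so even an
// unquoted attribute cannot be extended with a space and a new attribute name.
function encodeAttr(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => `&#x${c.charCodeAt(0).toString(16)};`);
}

// JavaScript string literal: \xHH (or \uHHHH) for every non-alphanumeric, so a
// quote, a backslash or "</script>" cannot end the literal or the script block.
function encodeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? `\\x${code.toString(16).padStart(2, '0')}`
      : `\\u${code.toString(16).padStart(4, '0')}`;
  });
}

// URL in href/src: no encoding neutralises a hostile scheme ("javascript:"), so
// allow-list http(s) and root-relative paths, then attribute-encode the result.
function safeHref(url) {
  const u = String(url).trim();
  const allowed = /^(https?:\/\/|\/(?!\/))/i.test(u);
  return encodeAttr(allowed ? u : '#');
}

// Common mistake: HTML-escaping once and reusing the result in every sink.
function naiveRender(name, url) {
  const e = encodeHtml(name);
  return `<h1>${e}</h1>` +
    `<div title=${e}>profile</div>` +                 // unquoted attribute
    `<button onclick="greet('${e}')">hi</button>` +   // JS nested inside an attribute
    `<a href="${encodeHtml(url)}">site</a>`;          // URL
}

// Hardened: encode for the context each value lands in. An inline handler is
// JS inside an attribute, so it needs JS encoding and then attribute encoding,
// because the HTML parser decodes entities before the JS engine runs.
function render(name, url) {
  return `<h1>${encodeHtml(name)}</h1>` +
    `<div title="${encodeAttr(name)}">profile</div>` +
    `<button onclick="greet('${encodeAttr(encodeJsString(name))}')">hi</button>` +
    `<a href="${safeHref(url)}">site</a>`;
}

// Minimal entity decoder covering the entities emitted above: this is what the
// HTML parser hands to the JS engine for an event-handler attribute.
function decodeEntities(s) {
  const named = { amp: '&', lt: '<', gt: '>', quot: '"' };
  return s.replace(/&(?:#x([0-9a-f]+)|#(\d+)|(amp|lt|gt|quot));/gi, (m, hex, dec, name) => {
    if (hex) return String.fromCharCode(parseInt(hex, 16));
    if (dec) return String.fromCharCode(parseInt(dec, 10));
    return named[name.toLowerCase()];
  });
}

// The JavaScript a click would execute for the rendered button.
function onclickSource(html) {
  const m = /onclick="([^"]*)"/.exec(html);
  return m ? decodeEntities(m[1]) : null;
}

// Constructed payloads, one per sink the naive version gets wrong.
const breakOutOfJs = "');alert(1)//";
const newAttribute = 'x onmouseover=alert(1)';
const hostileUrl = 'javascript:alert(1)';

console.log(onclickSource(naiveRender(breakOutOfJs, hostileUrl))); // greet('');alert(1)//')
console.log(onclickSource(render(breakOutOfJs, hostileUrl)));      // greet('\x27\x29\x3balert\x281\x29\x2f\x2f')
```

Run it with node. The case to notice is the onclick handler: HTML escaping turns the quote into &#x27;, the HTML parser decodes it back to a quote before the attribute value is parsed as JavaScript, and the injected alert(1) runs. JS-encoding first (\x27) leaves the browser nothing to decode back into a delimiter, and the unquoted-attribute and javascript: cases show that the body-text encoder is silent on exactly the characters those contexts care about.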
// Related terms
SQL Injection
An attack where untrusted input is concatenated into a SQL query, letting an attacker read, modify or delete data. Mitigated with parameterised queries (which most ORMs use by default, though their raw-query escape hatches still need the same care). Tested with crafted payloads at every input that reaches the database.
OWASP
Open Worldwide Application Security Project — a non-profit publishing free security guidance, including the OWASP Top 10 list of the most critical web application risks. The default reference for application security testing.
Vulnerability Scanning
Automated scanning of code, dependencies, or running systems for known security weaknesses (CVEs, misconfigurations). Cheap, continuous, and noisy — best paired with manual penetration testing for deeper coverage.
Learn more · Non-Functional Testing Overview
Chapter 3 · Lesson 2: Common Vulnerability Categories — XSS, SQL Injection, CSRF