This repository contains a sample web application with Cross-Site Scripting (XSS) vulnerabilities and its attacker website.
The application is used to explain how XSS attacks work and how to fix those vulnerabilities in the article Defend Your Web Apps from Cross-Site Scripting (XSS).
This project uses the following technologies:
To run this project, follow these steps:
- Clone this repository (`git clone https://github.com/auth0-blog/xss-sample-app.git`).
- Move to the root folder of the project (`xss-sample-app`) on your machine and install the dependencies by running the following command: `npm install`
- To launch the web application, run the following command: `node server.js`
- Point your browser to http://localhost:3000 to access the sample web app.
- To launch the attacker website, run the following command: `node attacker-server.js`
- Point your browser to http://localhost:4000 to access the attacker website.
Please read Defend Your Web Apps from Cross-Site Scripting (XSS) to learn more about XSS attacks and how to prevent them.