What Is Cross-site Scripting (XSS) And How Can You Fix It?

Cross-site scripting (XSS) is a type of attack that can be carried out to compromise users of a website. The exploitation of a XSS flaw enables attackers to inject client-side scripts into web pages viewed by users. Listed as one of the OWASP Top 10 vulnerabilities, XSS is the most common vulnerability submitted on the Detectify Crowdsource platform therefore a security risk our tool continually checks for.

Cross-site scripting: What can happen?

The attacker may:

gain access to users cookies, session IDs, passwords, private messages, etc
read and access the content of a page for any attacked user and therefore all the information displayed to the user
compromise the content shown to the user

A notable XSS attack was the Tweetdeck XSS worm published in 2014. It allowed the attacker to spread his malicious payload to all Tweetdeck users via Twitter, hence causing a mass compromise of Twitter accounts.

XSS Proof-of-Concept video:

Example of Cross-site scripting (XSS)

To show how the vulnerability works, let’s look at an example. Say you have a search box on your site. If there is no result, the site should say “Could not find any pages when searching for [what the user searched for].”.

Doing this in PHP it might look something like this:

This would, in other words, output the user supplied data (the search query) straight into the HTML document. If the search query contains HTML, the user’s web browser will render it. Imagine an attacker sends a link like the following to a victim:

http://example.com/search.php?query=

This would make the victim search for:

Since there is no validation of the data, the target browser will render:

Could not find any pages when searching for

The injected HTML will be executed. The HTML contains a script tag which will evaluate JavaScript. The JavaScript will grab the user’s cookie and send it off bounds to a third party domain of the attackers control. The attacker will then be able to set their own cookie to the victim’s stolen one, hence gaining access the victim’s data. This is a common example of a privilege escalation attack by the means of cross-site scripting and session riding.

Cross-site scripting Remediation

The remediation of XSS vulnerabilities is heavily context-dependent and the patches vary. Here are some general tips (where UNTRUSTED is where user supplied data).

HTML Body

Example

UNTRUSTED

Solution
Convert to HTML entities (ie. & to & etc).
See PHP htmlspecialchars()

HTML Attributes

Example

Solution
Convert the untrusted user input to HTML entities to prevent the creation of other attributes and nver let any user data into the “id”, “class” or “name” parameters. Be very cautious when providing user data into DOM event handlers (e.g. onclick), at they are made to execute JavaScript.

Untrusted URL

Example

link

</pre>
<p><strong>Solution</strong><br />URL encode the user data, whitelist known URLs and run the user data through a proper URL library in your language. Take notice to the protocol specified and if you expect HTTP or HTTPS links, whitelist those. Prevent JavaScript from running by using a protocol handler.</p>
<h3>GET parameter</h3>
<p><strong>Example</strong></p>
<pre class="prettyprint">link
</pre>
<p><strong>Solution</strong><br />URL encode the user data and prevent the use of ampersand as it may lead to parameter pollution issues.</p>
<h3>CSS value</h3>
<p><strong>Example</strong></p>
<pre class="prettyprint"><div style="height:UNTRUSTED;"></div>
</pre>
<p><strong>Solution</strong><br />CSS hex encode the value.</p>
<h2>Javascript variable</h2>
<p><strong>Example</strong></p>
<pre class="prettyprint"><script type="rocketlazyloadscript">var value="https://blog.detectify.com/2015/12/16/what-is-cross-site-scripting-and-how-can-you-fix-it/UNTRUSTED";</script>
</pre>
<p><strong>Solution</strong><br />Quote around variable and hex encode. Prevent line breaks.</p>
<h3>DOM XSS</h3>
<p><strong>Example</strong></p>
<pre class="prettyprint">element.innerHTML = UNTRUSTED
</pre>
<p><strong>Solution</strong><br />Sanitize using a library written in the language you use. Enforce the use of safer functions whenever applicable (e. g. innerText instead of innerHTML). Be very careful when determining what data is allowed to be printed. It’s better to have a whitelist of allowed characters than a blacklist.</p>
<p>For a more extensive list of tips, see OWASP XSS prevention tips.</p>
<h2>How Detectify can help</h2>
<p>Detectify is a web security scanner that performs fully automated tests to identify security issues on your website. It tests your website for over 1000 vulnerabilities, including Cross-site scripting (XSS). Sign up for a free trial and find out if you are vulnerable »</p>
<h2>Resources</h2>
<p>This article was updated on 7 August 2018.</p>
</p></div>
<p><br />
<br /><a href="https://blog.detectify.com/2015/12/16/what-is-cross-site-scripting-and-how-can-you-fix-it/" target="_blank" rel="noopener">Source link </a></p>
    </div><!-- .entry-content -->

    
    
            
</div>
</article>


	<nav class="navigation post-navigation" aria-label="Posts">
		<h2 class="screen-reader-text">Post navigation</h2>
		<div class="nav-links"><div class="nav-previous"><a href="https://cybernoz.com/using-tech-for-good-introducing-the-zensory/" rel="prev">Using Tech For Good: Introducing The Zensory &rarr;</a></div><div class="nav-next"><a href="https://cybernoz.com/snatch-ransomware-attacks-medical-societies-in-us-canada/" rel="next">&larr; Snatch Ransomware Attacks Medical Societies In US &#038; Canada</a></div></div>
	</nav>
<div class="clear"></div>
</div><!--/#gridhot-posts-wrapper -->




</div>
</div>
</div><!-- /#gridhot-main-wrapper -->



<div class="gridhot-sidebar-one-wrapper gridhot-sidebar-widget-areas gridhot-clearfix" id="gridhot-sidebar-one-wrapper" itemscope="itemscope" itemtype="http://schema.org/WPSideBar" role="complementary">
<div class="theiaStickySidebar">
<div class="gridhot-sidebar-one-wrapper-inside gridhot-clearfix">

<div id="block-3" class="gridhot-side-widget widget gridhot-widget-box widget_block"><div class="gridhot-widget-box-inside">
<div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow">
<h2 class="wp-block-heading">Latest Posts</h2>


<ul class="wp-block-latest-posts__list wp-block-latest-posts"><li><a class="wp-block-latest-posts__post-title" href="https://cybernoz.com/what-is-technical-debt-and-how-is-it-impacting-your-organisation-promoted-content/">What Is Technical Debt and How Is It Impacting Your Organisation? &#8211; Promoted Content</a></li>
<li><a class="wp-block-latest-posts__post-title" href="https://cybernoz.com/boot-camp-builds-skills-of-new-and-future-cisos-security/">Boot camp builds skills of new and future CISOs &#8211; Security</a></li>
<li><a class="wp-block-latest-posts__post-title" href="https://cybernoz.com/tafe-nsw-reveals-44m-dell-master-contract-hardware/">TAFE NSW reveals $44m Dell &#8216;master contract&#8217; &#8211; Hardware</a></li>
<li><a class="wp-block-latest-posts__post-title" href="https://cybernoz.com/australian-government-dumps-plan-to-regulate-online-misinformation-software/">Australian government dumps plan to regulate online misinformation &#8211; Software</a></li>
<li><a class="wp-block-latest-posts__post-title" href="https://cybernoz.com/wa-police-spends-3-5m-on-starlink-data-services-telco-isp/">WA Police spends $3.5m on Starlink data services &#8211; Telco/ISP</a></li>
</ul></div></div>
</div></div><div id="custom_html-2" class="widget_text gridhot-side-widget widget gridhot-widget-box widget_custom_html"><div class="widget_text gridhot-widget-box-inside"><div class="gridhot-widget-header"><div class="gridhot-widget-header-inside"><h2 class="gridhot-widget-title"><span class="gridhot-widget-title-inside">Social?</span></h2></div></div><div class="textwidget custom-html-widget"><script type="rocketlazyloadscript" data-rocket-type="text/javascript">
	atOptions = {
		'key' : 'd763fe6a6c5ebe5ea235b8650bdb1880',
		'format' : 'iframe',
		'height' : 600,
		'width' : 160,
		'params' : {}
	};
</script>
<script type="rocketlazyloadscript" data-rocket-type="text/javascript" data-rocket-src="//www.topcreativeformat.com/d763fe6a6c5ebe5ea235b8650bdb1880/invoke.js" data-rocket-defer defer></script></div></div></div>
</div>
</div>
</div><!-- /#gridhot-sidebar-one-wrapper-->



</div>

</div><!--/#gridhot-content-wrapper -->
</div><!--/#gridhot-wrapper -->









<div class='gridhot-clearfix' id='gridhot-copyright-area'>
<div class='gridhot-copyright-area-inside gridhot-container'>
<div class="gridhot-outer-wrapper">

<div class='gridhot-copyright-area-inside-content gridhot-clearfix'>

  <p class='gridhot-copyright'>Copyright &copy; 2024 Cybernoz</p>
<p class='gridhot-credit'><a href="https://themesdna.com/">Design by ThemesDNA.com</a></p>

</div>

</div>
</div>
</div><!--/#gridhot-copyright-area -->

<button class="gridhot-scroll-top" title="Scroll to Top"><i class="fas fa-arrow-up" aria-hidden="true"></i><span class="gridhot-sr-only">Scroll to Top</span></button>
<link data-minify="1" rel='stylesheet' id='whp6254tw-bs4.css-css' href='https://cdn.cybernoz.com/wp-content/cache/min/1/wp-content/plugins/wp-security-hardening/modules/inc/assets/css/tw-bs4.css?ver=1732469471' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='whp1585font-awesome.min.css-css' href='https://cdn.cybernoz.com/wp-content/cache/min/1/wp-content/plugins/wp-security-hardening/modules/inc/fa/css/font-awesome.min.css?ver=1732469471' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='whp1662front.css-css' href='https://cdn.cybernoz.com/wp-content/cache/min/1/wp-content/plugins/wp-security-hardening/modules/css/front.css?ver=1732469471' type='text/css' media='all' />
<script type="rocketlazyloadscript" data-rocket-type="text/javascript" id="rocket-browser-checker-js-after">
/* <![CDATA[ */
"use strict";var _createClass=function(){function defineProperties(target,props){for(var i=0;i<props.length;i++){var descriptor=props[i];descriptor.enumerable=descriptor.enumerable||!1,descriptor.configurable=!0,"value"in descriptor&&(descriptor.writable=!0),Object.defineProperty(target,descriptor.key,descriptor)}}return function(Constructor,protoProps,staticProps){return protoProps&&defineProperties(Constructor.prototype,protoProps),staticProps&&defineProperties(Constructor,staticProps),Constructor}}();function _classCallCheck(instance,Constructor){if(!(instance instanceof Constructor))throw new TypeError("Cannot call a class as a function")}var RocketBrowserCompatibilityChecker=function(){function RocketBrowserCompatibilityChecker(options){_classCallCheck(this,RocketBrowserCompatibilityChecker),this.passiveSupported=!1,this._checkPassiveOption(this),this.options=!!this.passiveSupported&&options}return _createClass(RocketBrowserCompatibilityChecker,[{key:"_checkPassiveOption",value:function(self){try{var options={get passive(){return!(self.passiveSupported=!0)}};window.addEventListener("test",null,options),window.removeEventListener("test",null,options)}catch(err){self.passiveSupported=!1}}},{key:"initRequestIdleCallback",value:function(){!1 in window&&(window.requestIdleCallback=function(cb){var start=Date.now();return setTimeout(function(){cb({didTimeout:!1,timeRemaining:function(){return Math.max(0,50-(Date.now()-start))}})},1)}),!1 in window&&(window.cancelIdleCallback=function(id){return clearTimeout(id)})}},{key:"isDataSaverModeOn",value:function(){return"connection"in navigator&&!0===navigator.connection.saveData}},{key:"supportsLinkPrefetch",value:function(){var elem=document.createElement("link");return elem.relList&&elem.relList.supports&&elem.relList.supports("prefetch")&&window.IntersectionObserver&&"isIntersecting"in IntersectionObserverEntry.prototype}},{key:"isSlowConnection",value:function(){return"connection"in navigator&&"effectiveType"in navigator.connection&&("2g"===navigator.connection.effectiveType||"slow-2g"===navigator.connection.effectiveType)}}]),RocketBrowserCompatibilityChecker}();
/* ]]> */
</script>
<script type="text/javascript" id="rocket-preload-links-js-extra">
/* <![CDATA[ */
var RocketPreloadLinksConfig = {"excludeUris":"\/(?:.+\/)?feed(?:\/(?:.+\/?)?)?$|\/(?:.+\/)?embed\/|\/(index.php\/)?(.*)wp-json(\/.*|$)|\/refer\/|\/go\/|\/recommend\/|\/recommends\/","usesTrailingSlash":"1","imageExt":"jpg|jpeg|gif|png|tiff|bmp|webp|avif|pdf|doc|docx|xls|xlsx|php","fileExt":"jpg|jpeg|gif|png|tiff|bmp|webp|avif|pdf|doc|docx|xls|xlsx|php|html|htm","siteUrl":"https:\/\/cybernoz.com","onHoverDelay":"100","rateThrottle":"3"};
/* ]]> */
</script>
<script type="rocketlazyloadscript" data-rocket-type="text/javascript" id="rocket-preload-links-js-after">
/* <![CDATA[ */
(function() {
"use strict";var r="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},e=function(){function i(e,t){for(var n=0;n<t.length;n++){var i=t[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(e,i.key,i)}}return function(e,t,n){return t&&i(e.prototype,t),n&&i(e,n),e}}();function i(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}var t=function(){function n(e,t){i(this,n),this.browser=e,this.config=t,this.options=this.browser.options,this.prefetched=new Set,this.eventTime=null,this.threshold=1111,this.numOnHover=0}return e(n,[{key:"init",value:function(){!this.browser.supportsLinkPrefetch()||this.browser.isDataSaverModeOn()||this.browser.isSlowConnection()||(this.regex={excludeUris:RegExp(this.config.excludeUris,"i"),images:RegExp(".("+this.config.imageExt+")$","i"),fileExt:RegExp(".("+this.config.fileExt+")$","i")},this._initListeners(this))}},{key:"_initListeners",value:function(e){-1<this.config.onHoverDelay&&document.addEventListener("mouseover",e.listener.bind(e),e.listenerOptions),document.addEventListener("mousedown",e.listener.bind(e),e.listenerOptions),document.addEventListener("touchstart",e.listener.bind(e),e.listenerOptions)}},{key:"listener",value:function(e){var t=e.target.closest("a"),n=this._prepareUrl(t);if(null!==n)switch(e.type){case"mousedown":case"touchstart":this._addPrefetchLink(n);break;case"mouseover":this._earlyPrefetch(t,n,"mouseout")}}},{key:"_earlyPrefetch",value:function(t,e,n){var i=this,r=setTimeout(function(){if(r=null,0===i.numOnHover)setTimeout(function(){return i.numOnHover=0},1e3);else if(i.numOnHover>i.config.rateThrottle)return;i.numOnHover++,i._addPrefetchLink(e)},this.config.onHoverDelay);t.addEventListener(n,function e(){t.removeEventListener(n,e,{passive:!0}),null!==r&&(clearTimeout(r),r=null)},{passive:!0})}},{key:"_addPrefetchLink",value:function(i){return this.prefetched.add(i.href),new Promise(function(e,t){var n=document.createElement("link");n.rel="prefetch",n.href=i.href,n.onload=e,n.onerror=t,document.head.appendChild(n)}).catch(function(){})}},{key:"_prepareUrl",value:function(e){if(null===e||"object"!==(void 0===e?"undefined":r(e))||!1 in e||-1===["http:","https:"].indexOf(e.protocol))return null;var t=e.href.substring(0,this.config.siteUrl.length),n=this._getPathname(e.href,t),i={original:e.href,protocol:e.protocol,origin:t,pathname:n,href:t+n};return this._isLinkOk(i)?i:null}},{key:"_getPathname",value:function(e,t){var n=t?e.substring(this.config.siteUrl.length):e;return n.startsWith("/")||(n="/"+n),this._shouldAddTrailingSlash(n)?n+"/":n}},{key:"_shouldAddTrailingSlash",value:function(e){return this.config.usesTrailingSlash&&!e.endsWith("/")&&!this.regex.fileExt.test(e)}},{key:"_isLinkOk",value:function(e){return null!==e&&"object"===(void 0===e?"undefined":r(e))&&(!this.prefetched.has(e.href)&&e.origin===this.config.siteUrl&&-1===e.href.indexOf("?")&&-1===e.href.indexOf("#")&&!this.regex.excludeUris.test(e.href)&&!this.regex.images.test(e.href))}}],[{key:"run",value:function(){"undefined"!=typeof RocketPreloadLinksConfig&&new n(new RocketBrowserCompatibilityChecker({capture:!0,passive:!0}),RocketPreloadLinksConfig).init()}}]),n}();t.run();
}());
/* ]]> */
</script>
<script type="text/javascript" id="rocket_lazyload_css-js-extra">
/* <![CDATA[ */
var rocket_lazyload_css_data = {"threshold":"300"};
/* ]]> */
</script>
<script type="text/javascript" id="rocket_lazyload_css-js-after">
/* <![CDATA[ */
!function o(n,c,a){function u(t,e){if(!c[t]){if(!n[t]){var r="function"==typeof require&&require;if(!e&&r)return r(t,!0);if(s)return s(t,!0);throw(e=new Error("Cannot find module '"+t+"'")).code="MODULE_NOT_FOUND",e}r=c[t]={exports:{}},n[t][0].call(r.exports,function(e){return u(n[t][1][e]||e)},r,r.exports,o,n,c,a)}return c[t].exports}for(var s="function"==typeof require&&require,e=0;e<a.length;e++)u(a[e]);return u}({1:[function(e,t,r){"use strict";{const c="undefined"==typeof rocket_pairs?[]:rocket_pairs,a=(("undefined"==typeof rocket_excluded_pairs?[]:rocket_excluded_pairs).map(t=>{var e=t.selector;document.querySelectorAll(e).forEach(e=>{e.setAttribute("data-rocket-lazy-bg-"+t.hash,"excluded")})}),document.querySelector("#wpr-lazyload-bg-container"));var o=rocket_lazyload_css_data.threshold||300;const u=new IntersectionObserver(e=>{e.forEach(t=>{t.isIntersecting&&c.filter(e=>t.target.matches(e.selector)).map(t=>{var e;t&&((e=document.createElement("style")).textContent=t.style,a.insertAdjacentElement("afterend",e),t.elements.forEach(e=>{u.unobserve(e),e.setAttribute("data-rocket-lazy-bg-"+t.hash,"loaded")}))})})},{rootMargin:o+"px"});function n(){0<(0<arguments.length&&void 0!==arguments[0]?arguments[0]:[]).length&&c.forEach(t=>{try{document.querySelectorAll(t.selector).forEach(e=>{"loaded"!==e.getAttribute("data-rocket-lazy-bg-"+t.hash)&&"excluded"!==e.getAttribute("data-rocket-lazy-bg-"+t.hash)&&(u.observe(e),(t.elements||=[]).push(e))})}catch(e){console.error(e)}})}n(),function(){const r=window.MutationObserver;return function(e,t){if(e&&1===e.nodeType)return(t=new r(t)).observe(e,{attributes:!0,childList:!0,subtree:!0}),t}}()(document.querySelector("body"),n)}},{}]},{},[1]);
/* ]]> */
</script>
<script type="text/javascript" src="https://cdn.cybernoz.com/wp-content/themes/gridhot/assets/js/jquery.fitvids.min.js" id="fitvids-js" data-rocket-defer defer></script>
<script type="rocketlazyloadscript" data-rocket-type="text/javascript" data-rocket-src="https://cdn.cybernoz.com/wp-content/themes/gridhot/assets/js/ResizeSensor.min.js" id="ResizeSensor-js" data-rocket-defer defer></script>
<script type="rocketlazyloadscript" data-rocket-type="text/javascript" data-rocket-src="https://cdn.cybernoz.com/wp-content/themes/gridhot/assets/js/theia-sticky-sidebar.min.js" id="theia-sticky-sidebar-js" data-rocket-defer defer></script>
<script type="rocketlazyloadscript" data-minify="1" data-rocket-type="text/javascript" data-rocket-src="https://cdn.cybernoz.com/wp-content/cache/min/1/wp-content/themes/gridhot/assets/js/navigation.js?ver=1732469471" id="gridhot-navigation-js" data-rocket-defer defer></script>
<script type="rocketlazyloadscript" data-minify="1" data-rocket-type="text/javascript" data-rocket-src="https://cdn.cybernoz.com/wp-content/cache/min/1/wp-content/themes/gridhot/assets/js/skip-link-focus-fix.js?ver=1732469471" id="gridhot-skip-link-focus-fix-js" data-rocket-defer defer></script>
<script type="rocketlazyloadscript" data-rocket-type="text/javascript" data-rocket-src="https://cdn.cybernoz.com/wp-includes/js/imagesloaded.min.js" id="imagesloaded-js" data-rocket-defer defer></script>
<script type="text/javascript" id="gridhot-customjs-js-extra">
/* <![CDATA[ */
var gridhot_ajax_object = {"ajaxurl":"https:\/\/cybernoz.com\/wp-admin\/admin-ajax.php","primary_menu_active":"1","secondary_menu_active":"1","sticky_sidebar_active":"1","fitvids_active":"1","backtotop_active":"1"};
/* ]]> */
</script>
<script type="rocketlazyloadscript" data-minify="1" data-rocket-type="text/javascript" data-rocket-src="https://cdn.cybernoz.com/wp-content/cache/min/1/wp-content/themes/gridhot/assets/js/custom.js?ver=1732469471" id="gridhot-customjs-js" data-rocket-defer defer></script>
<script type="text/javascript" id="gridhot-html5shiv-js-js-extra">
/* <![CDATA[ */
var gridhot_custom_script_vars = {"elements_name":"abbr article aside audio bdi canvas data datalist details dialog figcaption figure footer header hgroup main mark meter nav output picture progress section summary template time video"};
/* ]]> */
</script>
<script type="rocketlazyloadscript" data-minify="1" data-rocket-type="text/javascript" data-rocket-src="https://cdn.cybernoz.com/wp-content/cache/min/1/wp-content/themes/gridhot/assets/js/html5shiv.js?ver=1732469471" id="gridhot-html5shiv-js-js" data-rocket-defer defer></script>
<script>window.lazyLoadOptions=[{elements_selector:"img[data-lazy-src],.rocket-lazyload,iframe[data-lazy-src]",data_src:"lazy-src",data_srcset:"lazy-srcset",data_sizes:"lazy-sizes",class_loading:"lazyloading",class_loaded:"lazyloaded",threshold:300,callback_loaded:function(element){if(element.tagName==="IFRAME"&&element.dataset.rocketLazyload=="fitvidscompatible"){if(element.classList.contains("lazyloaded")){if(typeof window.jQuery!="undefined"){if(jQuery.fn.fitVids){jQuery(element).parent().fitVids()}}}}}},{elements_selector:".rocket-lazyload",data_src:"lazy-src",data_srcset:"lazy-srcset",data_sizes:"lazy-sizes",class_loading:"lazyloading",class_loaded:"lazyloaded",threshold:300,}];window.addEventListener('LazyLoad::Initialized',function(e){var lazyLoadInstance=e.detail.instance;if(window.MutationObserver){var observer=new MutationObserver(function(mutations){var image_count=0;var iframe_count=0;var rocketlazy_count=0;mutations.forEach(function(mutation){for(var i=0;i<mutation.addedNodes.length;i++){if(typeof mutation.addedNodes[i].getElementsByTagName!=='function'){continue}
if(typeof mutation.addedNodes[i].getElementsByClassName!=='function'){continue}
images=mutation.addedNodes[i].getElementsByTagName('img');is_image=mutation.addedNodes[i].tagName=="IMG";iframes=mutation.addedNodes[i].getElementsByTagName('iframe');is_iframe=mutation.addedNodes[i].tagName=="IFRAME";rocket_lazy=mutation.addedNodes[i].getElementsByClassName('rocket-lazyload');image_count+=images.length;iframe_count+=iframes.length;rocketlazy_count+=rocket_lazy.length;if(is_image){image_count+=1}
if(is_iframe){iframe_count+=1}}});if(image_count>0||iframe_count>0||rocketlazy_count>0){lazyLoadInstance.update()}});var b=document.getElementsByTagName("body")[0];var config={childList:!0,subtree:!0};observer.observe(b,config)}},!1)</script><script data-no-minify="1" async src="https://cdn.cybernoz.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js"></script><script>function lazyLoadThumb(e,alt,l){var t='<img data-lazy-src="https://i.ytimg.com/vi/ID/hqdefault.jpg" alt="" width="480" height="360"><noscript><img src="https://i.ytimg.com/vi/ID/hqdefault.jpg" alt="" width="480" height="360"></noscript>',a='<button class="play" aria-label="play Youtube video"></button>';if(l){t=t.replace('data-lazy-','');t=t.replace('loading="lazy"','');t=t.replace(/<noscript>.*?<\/noscript>/g,'');}t=t.replace('alt=""','alt="'+alt+'"');return t.replace("ID",e)+a}function lazyLoadYoutubeIframe(){var e=document.createElement("iframe"),t="ID?autoplay=1";t+=0===this.parentNode.dataset.query.length?"":"&"+this.parentNode.dataset.query;e.setAttribute("src",t.replace("ID",this.parentNode.dataset.src)),e.setAttribute("frameborder","0"),e.setAttribute("allowfullscreen","1"),e.setAttribute("allow","accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture"),this.parentNode.parentNode.replaceChild(e,this.parentNode)}document.addEventListener("DOMContentLoaded",function(){var exclusions=[];var e,t,p,u,l,a=document.getElementsByClassName("rll-youtube-player");for(t=0;t<a.length;t++)(e=document.createElement("div")),(u='https://i.ytimg.com/vi/ID/hqdefault.jpg'),(u=u.replace('ID',a[t].dataset.id)),(l=exclusions.some(exclusion=>u.includes(exclusion))),e.setAttribute("data-id",a[t].dataset.id),e.setAttribute("data-query",a[t].dataset.query),e.setAttribute("data-src",a[t].dataset.src),(e.innerHTML=lazyLoadThumb(a[t].dataset.id,a[t].dataset.alt,l)),a[t].appendChild(e),(p=e.querySelector(".play")),(p.onclick=lazyLoadYoutubeIframe)});</script><script>var rocket_beacon_data = {"ajax_url":"https:\/\/cybernoz.com\/wp-admin\/admin-ajax.php","nonce":"5c045ea2c0","url":"https:\/\/cybernoz.com\/what-is-cross-site-scripting-xss-and-how-can-you-fix-it","is_mobile":false,"width_threshold":1600,"height_threshold":700,"delay":500,"debug":null,"status":{"atf":true,"lrc":true},"elements":"img, video, picture, p, main, div, li, svg, section, header, span","lrc_threshold":1800}</script><script data-name="wpr-wpr-beacon" src='https://cybernoz.com/wp-content/plugins/wp-rocket/assets/js/wpr-beacon.min.js' async></script></body>
</html>
<!-- This website is like a Rocket, isn't it? Performance optimized by WP Rocket. Learn more: https://wp-rocket.me -->