{"id":3810,"date":"2020-10-14T11:25:00","date_gmt":"2020-10-14T11:25:00","guid":{"rendered":"http:\/\/the-codest.localhost\/blog\/web-app-security-xss-vulnerability\/"},"modified":"2026-04-27T10:24:05","modified_gmt":"2026-04-27T10:24:05","slug":"webapp-sikkerhed-xss-sarbarhed","status":"publish","type":"post","link":"https:\/\/thecodest.co\/da\/blog\/web-app-security-xss-vulnerability\/","title":{"rendered":"Web app security - XSS vulnerability"},"content":{"rendered":"<h2 class=\"wp-block-heading\">Attack scenario<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>The attacker finds the XSS vulnerability on a website used by the victim, e.g. a bank's website.<\/li>\n\n\n\n<li>The victim is currently logged in to this site.<\/li>\n\n\n\n<li>The attacker sends the victim a crafted URL.<\/li>\n\n\n\n<li>The victim clicks on the URL.<\/li>\n\n\n\n<li>On the victim's <a href=\"https:\/\/thecodest.co\/da\/dictionary\/how-fintech-helps-banks\/\">bank<\/a> website, <a href=\"https:\/\/thecodest.co\/da\/blog\/hire-javascript-developer\/\">JavaScript<\/a> <a href=\"https:\/\/thecodest.co\/da\/dictionary\/what-is-code-refactoring\/\">code<\/a> starts executing to capture the user's <a href=\"https:\/\/thecodest.co\/da\/blog\/app-data-collection-security-risks-value-and-types-explored\/\">data<\/a> or to perform a transfer on his behalf to the attacker's account.<\/li>\n<\/ol>\n\n\n\n<p>It is worth noting that operations performed on behalf of the victim may be invisible to the victim, since they can take place in the background using the bank's <a href=\"https:\/\/thecodest.co\/da\/blog\/compare-staff-augmentation-firms-that-excel-in-api-team-staffing-for-financial-technology-projects\/\">API<\/a>, or the attacker can perform them later using the data needed for authentication, tokens, cookies, etc.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">XSS types<\/h2>\n\n\n\n<h3 
class=\"wp-block-heading\">1. Reflected XSS<\/h3>\n\n\n\n<p>This is the type in which HTML\/JavaScript code contained in any parameter (e.g. GET, POST or cookie) is displayed in the response.<\/p>\n\n\n\n<p>Consider a page with a text input for searching that puts the parameter <code>?search=foo<\/code> at the end of the URL when querying the API. After a phrase is entered, if it is not found, a return message is placed in the HTML, e.g.:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"markup\" class=\"language-markup\">&lt;div&gt;Intet resultat fundet for &lt;b&gt;foo&lt;\/b&gt;&lt;\/div&gt;<\/code><\/pre>\n\n\n\n<p>We can try putting into the URL <code>?search=.<\/code>..<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. DOM XSS<\/h3>\n\n\n\n<p>This is when the code's execution is triggered by the use of dangerous functions in JavaScript, such as <code>eval<\/code> or <code>innerHTML<\/code>. The \"live example\" below shows a DOM XSS attack based on <code>innerHTML<\/code>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. Stored XSS<\/h3>\n\n\n\n<p>Here the malicious code is written on the server side. For example, we can send a comment containing malicious code to a blog post, and it is uploaded to the server. Its task is, for example, to wait for the administrator's moderation and then steal his session data, etc.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Injection methods<\/h2>\n\n\n\n<p>1. In the tag content<\/p>\n\n\n\n<p><code>onerror=alert('XSS')<\/code> into<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">&lt;img src onerror=&quot;alert(&#039;XSS&#039;)&quot; \/&gt;<\/code><\/pre>\n\n\n\n<p>2. 
In the attribute content<\/p>\n\n\n\n<p><code>\" onmouseover=alert('XSS')<\/code> into<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">&lt;div class=&quot;&quot; onmouseover=&quot;alert(&#039;XSS&#039;)&quot;&quot;&gt;&lt;\/div&gt;<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li>In the attribute content without quotation marks<\/li>\n<\/ol>\n\n\n\n<p><code>x onclick=alert('XSS')<\/code> into<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">&lt;div class=&quot;x&quot; onclick=&quot;alert(&#039;XSS&#039;)&quot;&gt;&lt;\/div&gt;<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li>In the <code>href<\/code> attribute<\/li>\n<\/ol>\n\n\n\n<p><code>javascript:alert('XSS')<\/code> into<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"javascript\" class=\"language-javascript\">&lt;a href=&quot;javascript:alert(&#039;XSS&#039;)&quot;&gt;&lt;\/a&gt;<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"5\">\n<li>In a string inside JavaScript code<\/li>\n<\/ol>\n\n\n\n<p><code>\";alert('XSS')\/\/.<\/code> into<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">.<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"6\">\n<li>In an attribute with a JavaScript event<\/li>\n<\/ol>\n\n\n\n<p><code>&amp;#39;);alert('XSS')\/\/<\/code>, where <code>&amp;#39;<\/code> is a single quote, into<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"markup\" class=\"language-markup\">&lt;div onclick=&quot;change(&#039;&amp;#39;);alert(&#039;XSS&#039;)\/\/&#039;)&quot;&gt;John&lt;\/div&gt;<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"7\">\n<li>In the <code>href<\/code> attribute inside the JavaScript protocol<\/li>\n<\/ol>\n\n\n\n<p><code>%27);alert(1)\/\/<\/code>, where <code>%27<\/code> is a single quote, into<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"javascript\" class=\"language-javascript\">&lt;a 
href=&quot;javascript:change(&#039;%27);alert(1)\/\/&#039;)&quot;&gt;klik&lt;\/a&gt;<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">A live example<\/h3>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-codesandbox wp-block-embed-codesandbox\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" title=\"XSS-s\u00e5rbarhed\" width=\"500\" height=\"750\" src=\"https:\/\/codesandbox.io\/embed\/xss-vulnerability-iedok#?secret=JCHK6BCh6d\" data-secret=\"JCHK6BCh6d\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Defense methods<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Encode data using the built-in functions available in many <a href=\"https:\/\/thecodest.co\/da\/blog\/top-programming-languages-to-build-e-commerce\/\">programming languages<\/a>.<\/li>\n\n\n\n<li>Use template systems with automatic encoding. Most of the popular frameworks that use such systems protect <a href=\"https:\/\/thecodest.co\/da\/blog\/why-us-companies-are-opting-for-polish-developers\/\">us<\/a> from XSS injection (<a href=\"https:\/\/thecodest.co\/da\/blog\/hire-django-developers\/\">Django<\/a>, templates, <a href=\"https:\/\/thecodest.co\/da\/blog\/hire-vue-js-developers\/\">Vue<\/a>, <a href=\"https:\/\/thecodest.co\/da\/blog\/conditional-component-visibility-in-react\/\">React<\/a>, etc.).<\/li>\n\n\n\n<li>Do not use functions such as <code>eval<\/code> or <code>Function<\/code> with untrusted user data.<\/li>\n\n\n\n<li>Do not use functions and properties that assign HTML code directly to DOM tree elements, e.g. <code>innerHTML<\/code>, <code>outerHTML<\/code>, <code>insertAdjacentHTML<\/code>, <code>document.write<\/code>. Instead, you can use properties that assign text directly to these elements, e.g. 
<code>textContent<\/code> or <code>innerText<\/code>.<\/li>\n\n\n\n<li>Be careful when redirecting the user to a URL that is under his control. There is a risk of injection: <code>location = \"javascript:alert('XSS')\"<\/code>.<\/li>\n\n\n\n<li>Filter HTML using libraries such as <code>DOMPurify<\/code>.<\/li>\n\n\n\n<li>Be careful about uploads of <code>.html<\/code> or <code>.svg<\/code> files. You can create a separate domain from which the uploaded files are served.<\/li>\n\n\n\n<li>Use the <code>Content-Security-Policy<\/code> mechanism.<\/li>\n\n\n\n<li>Take a look at the anti-XSS filters built into the most popular browsers.<\/li>\n<\/ol>\n\n\n\n<p><strong>If you find this article interesting, follow Lukasz on Github:<\/strong> https:\/\/github.com\/twistezo<\/p>","protected":false},"excerpt":{"rendered":"<p>XSS attacks make it possible for attackers to inject client-side scripts into web pages viewed by other users. 
The main effects of this vulnerability are the ability to perform actions in the context of the logged-in user and to read data in the context of the logged-in user.<\/p>","protected":false},"author":2,"featured_media":3809,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[8],"tags":[],"class_list":["post-3810","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software-development"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Web app security - XSS vulnerability - The Codest<\/title>\n<meta name=\"description\" content=\"Enhance your knowledge of web app security. Discover how XSS attacks can affect bank transactions and user safety.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/thecodest.co\/da\/blog\/webapp-sikkerhed-xss-sarbarhed\/\" \/>\n<meta property=\"og:locale\" content=\"da_DK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Web app security - XSS vulnerability\" \/>\n<meta property=\"og:description\" content=\"Enhance your knowledge of web app security. 
Discover how XSS attacks can affect bank transactions and user safety.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/thecodest.co\/da\/blog\/webapp-sikkerhed-xss-sarbarhed\/\" \/>\n<meta property=\"og:site_name\" content=\"The Codest\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-14T11:25:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-27T10:24:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"thecodest\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"thecodest\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutter\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/\"},\"author\":{\"name\":\"thecodest\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#\\\/schema\\\/person\\\/7e3fe41dfa4f4e41a7baad4c6e0d4f76\"},\"headline\":\"Web app security &#8211; XSS 
vulnerability\",\"datePublished\":\"2020-10-14T11:25:00+00:00\",\"dateModified\":\"2026-04-27T10:24:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/\"},\"wordCount\":528,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/05\\\/web-app-security.png\",\"articleSection\":[\"Software Development\"],\"inLanguage\":\"da-DK\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/\",\"url\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/\",\"name\":\"Web app security - XSS vulnerability - The Codest\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/05\\\/web-app-security.png\",\"datePublished\":\"2020-10-14T11:25:00+00:00\",\"dateModified\":\"2026-04-27T10:24:05+00:00\",\"description\":\"Enhance your knowledge of web app security. 
Discover how XSS attacks can affect bank transactions and user safety.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#breadcrumb\"},\"inLanguage\":\"da-DK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"da-DK\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#primaryimage\",\"url\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/05\\\/web-app-security.png\",\"contentUrl\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/05\\\/web-app-security.png\",\"width\":1280,\"height\":720},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/thecodest.co\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Web app security &#8211; XSS vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#website\",\"url\":\"https:\\\/\\\/thecodest.co\\\/\",\"name\":\"The Codest\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/thecodest.co\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"da-DK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#organization\",\"name\":\"The 
Codest\",\"url\":\"https:\\\/\\\/thecodest.co\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"da-DK\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/03\\\/thecodest-logo.svg\",\"contentUrl\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/03\\\/thecodest-logo.svg\",\"width\":144,\"height\":36,\"caption\":\"The Codest\"},\"image\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/pl.linkedin.com\\\/company\\\/codest\",\"https:\\\/\\\/clutch.co\\\/profile\\\/codest\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#\\\/schema\\\/person\\\/7e3fe41dfa4f4e41a7baad4c6e0d4f76\",\"name\":\"thecodest\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"da-DK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g\",\"caption\":\"thecodest\"},\"url\":\"https:\\\/\\\/thecodest.co\\\/da\\\/author\\\/thecodest\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Webapp-sikkerhed - XSS-s\u00e5rbarhed - The Codest","description":"Udvid din viden om webapp-sikkerhed. 
Opdag, hvordan XSS-angreb kan p\u00e5virke banktransaktioner og brugernes sikkerhed.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/thecodest.co\/da\/blog\/webapp-sikkerhed-xss-sarbarhed\/","og_locale":"da_DK","og_type":"article","og_title":"Web app security - XSS vulnerability","og_description":"Enhance your knowledge of web app security. Discover how XSS attacks can affect bank transactions and user safety.","og_url":"https:\/\/thecodest.co\/da\/blog\/webapp-sikkerhed-xss-sarbarhed\/","og_site_name":"The Codest","article_published_time":"2020-10-14T11:25:00+00:00","article_modified_time":"2026-04-27T10:24:05+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png","type":"image\/png"}],"author":"thecodest","twitter_card":"summary_large_image","twitter_misc":{"Written by":"thecodest","Est. 
reading time":"3 minutter"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#article","isPartOf":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/"},"author":{"name":"thecodest","@id":"https:\/\/thecodest.co\/#\/schema\/person\/7e3fe41dfa4f4e41a7baad4c6e0d4f76"},"headline":"Web app security &#8211; XSS vulnerability","datePublished":"2020-10-14T11:25:00+00:00","dateModified":"2026-04-27T10:24:05+00:00","mainEntityOfPage":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/"},"wordCount":528,"commentCount":0,"publisher":{"@id":"https:\/\/thecodest.co\/#organization"},"image":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png","articleSection":["Software Development"],"inLanguage":"da-DK","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/","url":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/","name":"Webapp-sikkerhed - XSS-s\u00e5rbarhed - The Codest","isPartOf":{"@id":"https:\/\/thecodest.co\/#website"},"primaryImageOfPage":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#primaryimage"},"image":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png","datePublished":"2020-10-14T11:25:00+00:00","dateModified":"2026-04-27T10:24:05+00:00","description":"Udvid din viden om webapp-sikkerhed. 
Opdag, hvordan XSS-angreb kan p\u00e5virke banktransaktioner og brugernes sikkerhed.","breadcrumb":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#breadcrumb"},"inLanguage":"da-DK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/"]}]},{"@type":"ImageObject","inLanguage":"da-DK","@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#primaryimage","url":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png","contentUrl":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png","width":1280,"height":720},{"@type":"BreadcrumbList","@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/thecodest.co\/"},{"@type":"ListItem","position":2,"name":"Web app security &#8211; XSS vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/thecodest.co\/#website","url":"https:\/\/thecodest.co\/","name":"Codest","description":"","publisher":{"@id":"https:\/\/thecodest.co\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/thecodest.co\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"da-DK"},{"@type":"Organization","@id":"https:\/\/thecodest.co\/#organization","name":"Codest","url":"https:\/\/thecodest.co\/","logo":{"@type":"ImageObject","inLanguage":"da-DK","@id":"https:\/\/thecodest.co\/#\/schema\/logo\/image\/","url":"https:\/\/thecodest.co\/app\/uploads\/2024\/03\/thecodest-logo.svg","contentUrl":"https:\/\/thecodest.co\/app\/uploads\/2024\/03\/thecodest-logo.svg","width":144,"height":36,"caption":"The 
Codest"},"image":{"@id":"https:\/\/thecodest.co\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/pl.linkedin.com\/company\/codest","https:\/\/clutch.co\/profile\/codest"]},{"@type":"Person","@id":"https:\/\/thecodest.co\/#\/schema\/person\/7e3fe41dfa4f4e41a7baad4c6e0d4f76","name":"thecodest","image":{"@type":"ImageObject","inLanguage":"da-DK","@id":"https:\/\/secure.gravatar.com\/avatar\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g","caption":"thecodest"},"url":"https:\/\/thecodest.co\/da\/author\/thecodest\/"}]}},"_links":{"self":[{"href":"https:\/\/thecodest.co\/da\/wp-json\/wp\/v2\/posts\/3810","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thecodest.co\/da\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thecodest.co\/da\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thecodest.co\/da\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/thecodest.co\/da\/wp-json\/wp\/v2\/comments?post=3810"}],"version-history":[{"count":9,"href":"https:\/\/thecodest.co\/da\/wp-json\/wp\/v2\/posts\/3810\/revisions"}],"predecessor-version":[{"id":8105,"href":"https:\/\/thecodest.co\/da\/wp-json\/wp\/v2\/posts\/3810\/revisions\/8105"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thecodest.co\/da\/wp-json\/wp\/v2\/media\/3809"}],"wp:attachment":[{"href":"https:\/\/thecodest.co\/da\/wp-json\/wp\/v2\/media?parent=3810"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thecodest.co\/da\/wp-json\/wp\/v2\/categories?post=3810"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thecodest.co\/da\/wp-json\/wp\/v2\/tags?post=3810"}],"curies":[{"name":"wp","href":"https:\/\/api.w.
org\/{rel}","templated":true}]}}