{"id":3810,"date":"2020-10-14T11:25:00","date_gmt":"2020-10-14T11:25:00","guid":{"rendered":"http:\/\/the-codest.localhost\/blog\/web-app-security-xss-vulnerability\/"},"modified":"2026-04-27T10:24:05","modified_gmt":"2026-04-27T10:24:05","slug":"veebirakenduse-turvalisus-xss-haavatavus","status":"publish","type":"post","link":"https:\/\/thecodest.co\/et\/blog\/web-app-security-xss-vulnerability\/","title":{"rendered":"Web app security - XSS vulnerability"},"content":{"rendered":"<h2 class=\"wp-block-heading\">Attack scenario<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>The attacker finds an XSS vulnerability on a website the victim uses, e.g. a bank's website.<\/li>\n\n\n\n<li>The victim is currently logged in to that site.<\/li>\n\n\n\n<li>The attacker sends the victim a forged URL.<\/li>\n\n\n\n<li>The victim clicks the URL.<\/li>\n\n\n\n<li>On the victim's <a href=\"https:\/\/thecodest.co\/et\/dictionary\/how-fintech-helps-banks\/\">bank<\/a> website, <a href=\"https:\/\/thecodest.co\/et\/blog\/hire-javascript-developer\/\">JavaScript<\/a> <a href=\"https:\/\/thecodest.co\/et\/dictionary\/what-is-code-refactoring\/\">code<\/a> starts executing in order to steal the user's <a href=\"https:\/\/thecodest.co\/et\/blog\/app-data-collection-security-risks-value-and-types-explored\/\">data<\/a> or to make a transfer on their behalf to the attacker's account.<\/li>\n<\/ol>\n\n\n\n<p>Note that the actions performed on the victim's behalf may be invisible to the victim, because they can take place in the background using the bank's <a href=\"https:\/\/thecodest.co\/et\/blog\/compare-staff-augmentation-firms-that-excel-in-api-team-staffing-for-financial-technology-projects\/\">API<\/a>, or the attacker may carry them out later using the data required for authentication (tokens, cookies, etc.).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Types of XSS<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. Reflected XSS<\/h3>\n\n\n\n<p>This is the kind where the HTML\/JavaScript code contained in any parameter (e.g. GET, POST or a cookie) is displayed in the response.<\/p>\n\n\n\n<p>Consider a page with a text input for searching, which appends the <code>?search=foo<\/code> parameter to the end of the URL when making the API request. After entering any phrase, if nothing is found, the returned message is placed in the HTML, e.g.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"markup\" class=\"language-markup\">&lt;div&gt;No results found for &lt;b&gt;foo&lt;\/b&gt;&lt;\/div&gt;<\/code><\/pre>\n\n\n\n<p>We can try putting <code>?search=<\/code>.. into the URL.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. DOM XSS<\/h3>\n\n\n\n<p>This is when execution of the injected JavaScript is made possible by the use of dangerous functions, such as <code>eval<\/code> or <code>innerHTML<\/code>. The \"Live example\" below demonstrates a DOM XSS attack based on <code>innerHTML<\/code>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. Stored XSS<\/h3>\n\n\n\n<p>This is the kind where the malicious code is written on the server side. For example, we can post a comment containing malicious code on a blog post, which is uploaded to the server. Its task is, for instance, to wait for moderation by the administrator and then steal their session data, etc.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Injection methods<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Tag content<\/li>\n<\/ol>\n\n\n\n<p><code>onerror=alert('XSS')<\/code> injected into<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"markup\" class=\"language-markup\">&lt;img src onerror=&quot;alert(&#039;XSS&#039;)&quot; \/&gt;<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li>Attribute content<\/li>\n<\/ol>\n\n\n\n<p><code>\" onmouseover=alert('XSS')<\/code> injected into<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"markup\" class=\"language-markup\">&lt;div class=&quot;&quot; onmouseover=&quot;alert(&#039;XSS&#039;)&quot;&quot;&gt;&lt;\/div&gt;<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li>Attribute content without quotes<\/li>\n<\/ol>\n\n\n\n<p><code>x onclick=alert('XSS')<\/code> injected into<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"markup\" class=\"language-markup\">&lt;div class=&quot;x&quot; onclick=&quot;alert(&#039;XSS&#039;)&quot;&gt;&lt;\/div&gt;<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li>In the <code>href<\/code> attribute<\/li>\n<\/ol>\n\n\n\n<p><code>javascript:alert('XSS')<\/code> injected into<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"markup\" class=\"language-markup\">&lt;a href=&quot;javascript:alert(&#039;XSS&#039;)&quot;&gt;&lt;\/a&gt;<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"5\">\n<li>In a string inside JavaScript code<\/li>\n<\/ol>\n\n\n\n<p><code>\";alert('XSS')\/\/<\/code> injected into<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"markup\" class=\"language-markup\">&lt;script&gt;let username=\"\";alert('XSS')\/\/\";&lt;\/script&gt;<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"6\">\n<li>In an attribute with a JavaScript event<\/li>\n<\/ol>\n\n\n\n<p><code>&#039;);alert('XSS')\/\/<\/code>, where <code>&#039;<\/code> is an HTML-encoded single quote, injected into<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"markup\" class=\"language-markup\">&lt;div onclick=&quot;change(&#039;&amp;#39;);alert(&#039;XSS&#039;)\/\/&#039;)&quot;&gt;John&lt;\/div&gt;<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"7\">\n<li>In the <code>href<\/code> attribute inside the JavaScript protocol<\/li>\n<\/ol>\n\n\n\n<p><code>%27);alert(1)\/\/<\/code>, where <code>%27<\/code> is a URL-encoded single quote, injected into<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"markup\" class=\"language-markup\">&lt;a href=&quot;javascript:change(&#039;%27);alert(1)\/\/&#039;)&quot;&gt;click&lt;\/a&gt;<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Live example<\/h3>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-codesandbox wp-block-embed-codesandbox\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" title=\"XSS vulnerability\" width=\"500\" height=\"750\" src=\"https:\/\/codesandbox.io\/embed\/xss-vulnerability-iedok#?secret=JCHK6BCh6d\" data-secret=\"JCHK6BCh6d\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Protection methods<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Encoding data using the built-in functions available in many <a href=\"https:\/\/thecodest.co\/et\/blog\/top-programming-languages-to-build-e-commerce\/\">programming languages<\/a>.<\/li>\n\n\n\n<li>Using template systems with automatic encoding. Most popular frameworks that use such systems protect us against XSS injection (<a href=\"https:\/\/thecodest.co\/et\/blog\/hire-django-developers\/\">Django<\/a>, Templates, <a href=\"https:\/\/thecodest.co\/et\/blog\/hire-vue-js-developers\/\">Vue<\/a>, <a href=\"https:\/\/thecodest.co\/et\/blog\/conditional-component-visibility-in-react\/\">React<\/a>, etc.).<\/li>\n\n\n\n<li>Do not use functions such as <code>eval<\/code> or <code>Function<\/code> with untrusted user data.<\/li>\n\n\n\n<li>Do not use functions and properties that assign HTML code directly to elements of the DOM tree, e.g. <code>innerHTML<\/code>, <code>outerHTML<\/code>, <code>insertAdjacentHTML<\/code>, <code>document.write<\/code>. Instead, use functions that set text directly on those elements, such as <code>textContent<\/code> or <code>innerText<\/code>.<\/li>\n\n\n\n<li>Be careful when redirecting the user to a URL that is under their control. There is a risk of injection such as <code>location = 'javascript('XSS')'<\/code>.<\/li>\n\n\n\n<li>Filter HTML using libraries such as <code>DOMPurify<\/code>.<\/li>\n\n\n\n<li>Be careful with uploads of <code>.html<\/code> or <code>.svg<\/code> files. You can create a separate domain from which uploaded files are served.<\/li>\n\n\n\n<li>Use the <code>Content-Security-Policy<\/code> mechanism.<\/li>\n\n\n\n<li>Check the anti-XSS filters built into most popular browsers.<\/li>\n<\/ol>\n\n\n\n<p><strong>If you found this article interesting, follow Lukasz on Github:<\/strong> https:\/\/github.com\/twistezo<\/p>\n\n\n\n<p><strong>Read more:<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/thecodest.co\/blog\/data-fetching-strategies-in-nextjs\/\">Data fetching strategies in NextJS<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/thecodest.co\/blog\/rails-api-cors-dash-of-consciousness\/\">Rails API and CORS. A dash of consciousness<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/thecodest.co\/blog\/why-you-should-probably-use-typescript\/\">Why you should (probably) use TypeScript?<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>XSS attacks allow attackers to inject client-side scripts into web pages viewed by other users. 
The main consequences of this vulnerability are the ability to perform any action in the context of the logged-in user and to read any data in that same context.<\/p>","protected":false},"author":2,"featured_media":3809,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[8],"tags":[],"class_list":["post-3810","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software-development"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Web app security - XSS vulnerability - The Codest<\/title>\n<meta name=\"description\" content=\"Enhance your knowledge of web app security. Discover how XSS attacks can affect bank transactions and user safety.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/thecodest.co\/et\/blogi\/veebirakenduse-turvalisus-xss-haavatavus\/\" \/>\n<meta property=\"og:locale\" content=\"et_EE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Web app security - XSS vulnerability\" \/>\n<meta property=\"og:description\" content=\"Enhance your knowledge of web app security. 
Discover how XSS attacks can affect bank transactions and user safety.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/thecodest.co\/et\/blogi\/veebirakenduse-turvalisus-xss-haavatavus\/\" \/>\n<meta property=\"og:site_name\" content=\"The Codest\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-14T11:25:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-27T10:24:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"thecodest\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"thecodest\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutit\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/\"},\"author\":{\"name\":\"thecodest\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#\\\/schema\\\/person\\\/7e3fe41dfa4f4e41a7baad4c6e0d4f76\"},\"headline\":\"Web app security &#8211; XSS 
vulnerability\",\"datePublished\":\"2020-10-14T11:25:00+00:00\",\"dateModified\":\"2026-04-27T10:24:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/\"},\"wordCount\":528,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/05\\\/web-app-security.png\",\"articleSection\":[\"Software Development\"],\"inLanguage\":\"et\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/\",\"url\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/\",\"name\":\"Web app security - XSS vulnerability - The Codest\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/05\\\/web-app-security.png\",\"datePublished\":\"2020-10-14T11:25:00+00:00\",\"dateModified\":\"2026-04-27T10:24:05+00:00\",\"description\":\"Enhance your knowledge of web app security. 
Discover how XSS attacks can affect bank transactions and user safety.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#breadcrumb\"},\"inLanguage\":\"et\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"et\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#primaryimage\",\"url\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/05\\\/web-app-security.png\",\"contentUrl\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/05\\\/web-app-security.png\",\"width\":1280,\"height\":720},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/thecodest.co\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Web app security &#8211; XSS vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#website\",\"url\":\"https:\\\/\\\/thecodest.co\\\/\",\"name\":\"The Codest\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/thecodest.co\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"et\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#organization\",\"name\":\"The 
Codest\",\"url\":\"https:\\\/\\\/thecodest.co\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"et\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/03\\\/thecodest-logo.svg\",\"contentUrl\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/03\\\/thecodest-logo.svg\",\"width\":144,\"height\":36,\"caption\":\"The Codest\"},\"image\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/pl.linkedin.com\\\/company\\\/codest\",\"https:\\\/\\\/clutch.co\\\/profile\\\/codest\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#\\\/schema\\\/person\\\/7e3fe41dfa4f4e41a7baad4c6e0d4f76\",\"name\":\"thecodest\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"et\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g\",\"caption\":\"thecodest\"},\"url\":\"https:\\\/\\\/thecodest.co\\\/et\\\/author\\\/thecodest\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Veebirakenduse turvalisus - XSS haavatavus - The Codest","description":"T\u00e4iendada oma teadmisi veebirakenduste turvalisuse kohta. 
Avastage, kuidas XSS-r\u00fcnnakud v\u00f5ivad m\u00f5jutada pangatehinguid ja kasutajate turvalisust.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/thecodest.co\/et\/blogi\/veebirakenduse-turvalisus-xss-haavatavus\/","og_locale":"et_EE","og_type":"article","og_title":"Web app security - XSS vulnerability","og_description":"Enhance your knowledge of web app security. Discover how XSS attacks can affect bank transactions and user safety.","og_url":"https:\/\/thecodest.co\/et\/blogi\/veebirakenduse-turvalisus-xss-haavatavus\/","og_site_name":"The Codest","article_published_time":"2020-10-14T11:25:00+00:00","article_modified_time":"2026-04-27T10:24:05+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png","type":"image\/png"}],"author":"thecodest","twitter_card":"summary_large_image","twitter_misc":{"Written by":"thecodest","Est. 
reading time":"3 minutit"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#article","isPartOf":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/"},"author":{"name":"thecodest","@id":"https:\/\/thecodest.co\/#\/schema\/person\/7e3fe41dfa4f4e41a7baad4c6e0d4f76"},"headline":"Web app security &#8211; XSS vulnerability","datePublished":"2020-10-14T11:25:00+00:00","dateModified":"2026-04-27T10:24:05+00:00","mainEntityOfPage":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/"},"wordCount":528,"commentCount":0,"publisher":{"@id":"https:\/\/thecodest.co\/#organization"},"image":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png","articleSection":["Software Development"],"inLanguage":"et","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/","url":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/","name":"Veebirakenduse turvalisus - XSS haavatavus - The Codest","isPartOf":{"@id":"https:\/\/thecodest.co\/#website"},"primaryImageOfPage":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#primaryimage"},"image":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png","datePublished":"2020-10-14T11:25:00+00:00","dateModified":"2026-04-27T10:24:05+00:00","description":"T\u00e4iendada oma teadmisi veebirakenduste turvalisuse kohta. 
Avastage, kuidas XSS-r\u00fcnnakud v\u00f5ivad m\u00f5jutada pangatehinguid ja kasutajate turvalisust.","breadcrumb":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#breadcrumb"},"inLanguage":"et","potentialAction":[{"@type":"ReadAction","target":["https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/"]}]},{"@type":"ImageObject","inLanguage":"et","@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#primaryimage","url":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png","contentUrl":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png","width":1280,"height":720},{"@type":"BreadcrumbList","@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/thecodest.co\/"},{"@type":"ListItem","position":2,"name":"Web app security &#8211; XSS vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/thecodest.co\/#website","url":"https:\/\/thecodest.co\/","name":"The Codest","description":"","publisher":{"@id":"https:\/\/thecodest.co\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/thecodest.co\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"et"},{"@type":"Organization","@id":"https:\/\/thecodest.co\/#organization","name":"The Codest","url":"https:\/\/thecodest.co\/","logo":{"@type":"ImageObject","inLanguage":"et","@id":"https:\/\/thecodest.co\/#\/schema\/logo\/image\/","url":"https:\/\/thecodest.co\/app\/uploads\/2024\/03\/thecodest-logo.svg","contentUrl":"https:\/\/thecodest.co\/app\/uploads\/2024\/03\/thecodest-logo.svg","width":144,"height":36,"caption":"The 
Codest"},"image":{"@id":"https:\/\/thecodest.co\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/pl.linkedin.com\/company\/codest","https:\/\/clutch.co\/profile\/codest"]},{"@type":"Person","@id":"https:\/\/thecodest.co\/#\/schema\/person\/7e3fe41dfa4f4e41a7baad4c6e0d4f76","name":"thecodest","image":{"@type":"ImageObject","inLanguage":"et","@id":"https:\/\/secure.gravatar.com\/avatar\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g","caption":"thecodest"},"url":"https:\/\/thecodest.co\/et\/author\/thecodest\/"}]}},"_links":{"self":[{"href":"https:\/\/thecodest.co\/et\/wp-json\/wp\/v2\/posts\/3810","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thecodest.co\/et\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thecodest.co\/et\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thecodest.co\/et\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/thecodest.co\/et\/wp-json\/wp\/v2\/comments?post=3810"}],"version-history":[{"count":9,"href":"https:\/\/thecodest.co\/et\/wp-json\/wp\/v2\/posts\/3810\/revisions"}],"predecessor-version":[{"id":8105,"href":"https:\/\/thecodest.co\/et\/wp-json\/wp\/v2\/posts\/3810\/revisions\/8105"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thecodest.co\/et\/wp-json\/wp\/v2\/media\/3809"}],"wp:attachment":[{"href":"https:\/\/thecodest.co\/et\/wp-json\/wp\/v2\/media?parent=3810"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thecodest.co\/et\/wp-json\/wp\/v2\/categories?post=3810"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thecodest.co\/et\/wp-json\/wp\/v2\/tags?post=3810"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org
\/{rel}","templated":true}]}}