{"id":3810,"date":"2020-10-14T11:25:00","date_gmt":"2020-10-14T11:25:00","guid":{"rendered":"http:\/\/the-codest.localhost\/blog\/web-app-security-xss-vulnerability\/"},"modified":"2026-04-27T10:24:05","modified_gmt":"2026-04-27T10:24:05","slug":"web-app-beveiliging-xss-kwetsbaarheid","status":"publish","type":"post","link":"https:\/\/thecodest.co\/nl\/blog\/web-app-security-xss-vulnerability\/","title":{"rendered":"Beveiliging van webapps - XSS-kwetsbaarheid"},"content":{"rendered":"<h2 class=\"wp-block-heading\">Aanvalsscenario<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>De aanvaller lokaliseert de XSS-kwetsbaarheid op een website die door het slachtoffer wordt gebruikt, bijvoorbeeld de website van een bank.<\/li>\n\n\n\n<li>Het slachtoffer is momenteel aangemeld op deze pagina<\/li>\n\n\n\n<li>De aanvaller stuurt het slachtoffer een vervalste URL<\/li>\n\n\n\n<li>Het slachtoffer klikt op de URL<\/li>\n\n\n\n<li>Op het slachtoffer <a href=\"https:\/\/thecodest.co\/nl\/dictionary\/how-fintech-helps-banks\/\">bank<\/a> website, <a href=\"https:\/\/thecodest.co\/nl\/blog\/hire-javascript-developer\/\">JavaScript<\/a> <a href=\"https:\/\/thecodest.co\/nl\/dictionary\/what-is-code-refactoring\/\">code<\/a> begint uit te voeren om de <a href=\"https:\/\/thecodest.co\/nl\/blog\/app-data-collection-security-risks-value-and-types-explored\/\">gegevens<\/a> of in zijn naam een overschrijving uitvoeren naar de rekening van de aanvaller<\/li>\n<\/ol>\n\n\n\n<p>Het is de moeite waard om op te merken dat handelingen die namens het slachtoffer worden uitgevoerd onzichtbaar kunnen zijn voor het slachtoffer, omdat ze op de achtergrond kunnen plaatsvinden met behulp van de <a href=\"https:\/\/thecodest.co\/nl\/blog\/compare-staff-augmentation-firms-that-excel-in-api-team-staffing-for-financial-technology-projects\/\">API<\/a>, of de aanvaller kan ze later uitvoeren met de gegevens die nodig zijn voor authenticatie, tokens, cookies, enz.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">XSS-types<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. Gereflecteerde XSS <\/h3>\n\n\n\n<p>Dit is er een waarbij HTML\/JavaScript-code in een parameter (bijv. GET, POST of cookie) wordt weergegeven in het antwoord.<\/p>\n\n\n\n<p>Een pagina met een tekstinvoer om iets te zoeken die de parameter <code>zoeken=eten<\/code> in het URL-einde wanneer de API wordt opgevraagd. Na het invoeren van een zin, als deze niet wordt gevonden, wordt een retourbericht geplaatst in HTML ex.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"markup\" class=\"language-markup\">&lt;div&gt;Geen resultaat gevonden voor &lt;b&gt;foo&lt;\/b&gt;&lt;\/div&gt;<\/code><\/pre>\n\n\n\n<p>We kunnen proberen de URL in te voeren <code>zoeken=<\/code>..<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2.DOM XSS <\/h3>\n\n\n\n<p>Dit is wanneer de uitvoering ervan wordt ingeschakeld door het gebruik van gevaarlijke functies in JavaScript, zoals <code>`eval`<\/code> of <code>`innerHtml`<\/code>. Het \"Live voorbeeld\" hieronder toont een DOM XSS-aanval gebaseerd op de <code>`innerHtml`<\/code> functie.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. Opgeslagen XSS <\/h3>\n\n\n\n<p>Hier wordt de kwaadaardige code aan de serverkant geschreven. We kunnen bijvoorbeeld een commentaar met kwaadaardige code naar een blogpost sturen die naar de server wordt ge\u00fcpload. De taak is om bijvoorbeeld te wachten op de moderatie van de beheerder en dan zijn sessiegegevens te stelen, enz.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Injectiemethoden<\/h2>\n\n\n\n<p>1. In de tag-inhoud<\/p>\n\n\n\n<p><code>`onerror=waarschuwing('XSS')`<\/code>in<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">&lt;img src onerror=&quot;alert(&#039;XSS&#039;)&quot; \/&gt;<\/code><\/pre>\n\n\n\n<p>2. In de inhoud van het attribuut<\/p>\n\n\n\n<p><code>`\" onmouseover=waarschuwing('XSS')`<\/code> in<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">&lt;div class=&quot;&quot; onmouseover=&quot;alert(&#039;XSS&#039;)&quot;&quot;&gt;&lt;\/div&gt;<\/code><\/pre>\n\n\n\n<p><\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li>In de inhoud van het attribuut zonder de aanhalingstekens<\/li>\n<\/ol>\n\n\n\n<p><code>x onclick=waarschuwing('XSS')<\/code>in<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">&lt;div class=&quot;x&quot; onclick=&quot;alert(&#039;XSS&#039;)&quot;&gt;&lt;\/div&gt;<\/code><\/pre>\n\n\n\n<p><\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li>In de <code>href<\/code>ef eigenschap<\/li>\n<\/ol>\n\n\n\n<p><code>javascript:waarschuwing('XSS')<\/code> in<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"javascript\" class=\"language-javascript\">&lt;a href=&quot;javascript:alert(&#039;XSS&#039;)&quot;&gt;&lt;\/a&gt;<\/code><\/pre>\n\n\n\n<p><\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"5\">\n<li>In de string binnen JavaScript code<\/li>\n<\/ol>\n\n\n\n<p><code>\";Waarschuwing('XSS')\/\/<\/code> in<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">&lt;script&gt;let username=\"\";alert('XSS')\/\/\";&lt;\/script&gt;<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"6\">\n<li>In het kenmerk met de JavaScript-gebeurtenis<\/li>\n<\/ol>\n\n\n\n<p><code>&#039;);waarschuwing('XSS')\/\/<\/code> waarbij <code>&#039;<\/code> een enkel aanhalingsteken is, in<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"markup\" class=\"language-markup\">&lt;div onclick=&quot;change(&#039;&amp;#39;);alert(&#039;XSS&#039;)\/\/&#039;)&quot;&gt;John&lt;\/div&gt;<\/code><\/pre>\n\n\n\n<p><\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"7\">\n<li>In de <code>href<\/code> attribuut binnen het JavaScript protocol<\/li>\n<\/ol>\n\n\n\n<p><code>);alert(1)\/\/<\/code> waarbij <code>%27<\/code> een enkel aanhalingsteken is, in<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"javascript\" class=\"language-javascript\">&lt;a href=&quot;javascript:change(&#039;%27);alert(1)\/\/&#039;)&quot;&gt;klik op&lt;\/a&gt;<\/code><\/pre>\n\n\n\n<p><code><br> <\/code><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Live voorbeeld<\/h3>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-codesandbox wp-block-embed-codesandbox\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" title=\"XSS-kwetsbaarheid\" width=\"500\" height=\"750\" src=\"https:\/\/codesandbox.io\/embed\/xss-vulnerability-iedok#?secret=JCHK6BCh6d\" data-secret=\"JCHK6BCh6d\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Verdedigingsmethoden<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Gegevenscodering met behulp van ingebouwde functies die in veel <a href=\"https:\/\/thecodest.co\/nl\/blog\/top-programming-languages-to-build-e-commerce\/\">programmeertalen<\/a>.<\/li>\n\n\n\n<li>Gebruik maken van sjabloonsystemen met automatische codering. De meeste populaire frameworks die dergelijke systemen gebruiken beschermen <a href=\"https:\/\/thecodest.co\/nl\/blog\/why-us-companies-are-opting-for-polish-developers\/\">us<\/a> van XSS-injectie (<a href=\"https:\/\/thecodest.co\/nl\/blog\/hire-django-developers\/\">Django<\/a>, Sjablonen, <a href=\"https:\/\/thecodest.co\/nl\/blog\/hire-vue-js-developers\/\">Vue<\/a>, <a href=\"https:\/\/thecodest.co\/nl\/blog\/conditional-component-visibility-in-react\/\">React<\/a> enz.).<\/li>\n\n\n\n<li>Gebruik geen functies zoals <code>eval<\/code> of <code>Functie<\/code> met niet-vertrouwde gebruikersgegevens.<\/li>\n\n\n\n<li>Gebruik geen functies en eigenschappen die HTML-code rechtstreeks aan de DOM-boomelementen toewijzen, bijv, <code>innerHTML<\/code>, <code>outerHTML<\/code>, <code>insertAdjacentHTML<\/code>, <code>ocument.write<\/code>. In plaats daarvan kun je functies gebruiken die tekst direct aan deze elementen toewijzen, zoals <code>tekstinhoud<\/code> of <code>innerText<\/code>.<\/li>\n\n\n\n<li>Wees voorzichtig wanneer je de gebruiker doorverwijst naar een URL die onder zijn controle staat. Risico van injectie <code>locatie = 'javascript('XSS')'<\/code>.<\/li>\n\n\n\n<li>HTML filteren met bibliotheken zoals <code>DOMPurify<\/code>.<\/li>\n\n\n\n<li>Wees voorzichtig met uploaden <code>.html<\/code> of <code>.svg<\/code> bestanden. Je kunt een apart domein aanmaken van waaruit de ge\u00fcploade bestanden worden geserveerd.<\/li>\n\n\n\n<li>Gebruik de <code>Inhoud-beveiligingsbeleid<\/code> mechanisme.<\/li>\n\n\n\n<li> <span style=\"font-size: revert; color: initial; font-family: -apple-system, BlinkMacSystemFont, &quot;Segoe UI&quot;, Roboto, Oxygen-Sans, Ubuntu, Cantarell, &quot;Helvetica Neue&quot;, sans-serif;\">Kijk eens naar de anti-XSS filters die in de meeste populaire browsers zijn ingebouwd.<\/span> <p><strong>Als je dit artikel interessant vindt, volg Lukasz dan op Github:<\/strong> https:\/\/github.com\/twistezo<\/p> <\/li>\n<\/ol>\n\n\n\n<p><strong>Lees meer:<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/thecodest.co\/blog\/data-fetching-strategies-in-nextjs\/\">Strategie\u00ebn voor het ophalen van gegevens in NextJS<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/thecodest.co\/blog\/rails-api-cors-dash-of-consciousness\/\">Rails API &amp; CORS. Een vleugje bewustzijn<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/thecodest.co\/blog\/why-you-should-probably-use-typescript\/\">Waarom je (waarschijnlijk) Typescript zou moeten gebruiken?<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>XSS-aanvallen stellen aanvallers in staat om client-side scripts te injecteren in webpagina's die door andere gebruikers worden bekeken. De belangrijkste gevolgen van deze kwetsbaarheid zijn de mogelijkheid om acties uit te voeren in de context van de ingelogde gebruiker en het lezen van gegevens in de context van de ingelogde gebruiker.<\/p>","protected":false},"author":2,"featured_media":3809,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[8],"tags":[],"class_list":["post-3810","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software-development"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Web app security - XSS vulnerability - The Codest<\/title>\n<meta name=\"description\" content=\"Enhance your knowledge of web app security. Discover how XSS attacks can affect bank transactions and user safety.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/thecodest.co\/nl\/blog\/web-app-beveiliging-xss-kwetsbaarheid\/\" \/>\n<meta property=\"og:locale\" content=\"nl_NL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Web app security - XSS vulnerability\" \/>\n<meta property=\"og:description\" content=\"Enhance your knowledge of web app security. Discover how XSS attacks can affect bank transactions and user safety.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/thecodest.co\/nl\/blog\/web-app-beveiliging-xss-kwetsbaarheid\/\" \/>\n<meta property=\"og:site_name\" content=\"The Codest\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-14T11:25:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-27T10:24:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"thecodest\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"thecodest\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/\"},\"author\":{\"name\":\"thecodest\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#\\\/schema\\\/person\\\/7e3fe41dfa4f4e41a7baad4c6e0d4f76\"},\"headline\":\"Web app security &#8211; XSS vulnerability\",\"datePublished\":\"2020-10-14T11:25:00+00:00\",\"dateModified\":\"2026-04-27T10:24:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/\"},\"wordCount\":528,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/05\\\/web-app-security.png\",\"articleSection\":[\"Software Development\"],\"inLanguage\":\"nl-NL\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/\",\"url\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/\",\"name\":\"Web app security - XSS vulnerability - The Codest\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/05\\\/web-app-security.png\",\"datePublished\":\"2020-10-14T11:25:00+00:00\",\"dateModified\":\"2026-04-27T10:24:05+00:00\",\"description\":\"Enhance your knowledge of web app security. Discover how XSS attacks can affect bank transactions and user safety.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#breadcrumb\"},\"inLanguage\":\"nl-NL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#primaryimage\",\"url\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/05\\\/web-app-security.png\",\"contentUrl\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/05\\\/web-app-security.png\",\"width\":1280,\"height\":720},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/blog\\\/web-app-security-xss-vulnerability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/thecodest.co\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Web app security &#8211; XSS vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#website\",\"url\":\"https:\\\/\\\/thecodest.co\\\/\",\"name\":\"The Codest\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/thecodest.co\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"nl-NL\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#organization\",\"name\":\"The Codest\",\"url\":\"https:\\\/\\\/thecodest.co\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/03\\\/thecodest-logo.svg\",\"contentUrl\":\"https:\\\/\\\/thecodest.co\\\/app\\\/uploads\\\/2024\\\/03\\\/thecodest-logo.svg\",\"width\":144,\"height\":36,\"caption\":\"The Codest\"},\"image\":{\"@id\":\"https:\\\/\\\/thecodest.co\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/pl.linkedin.com\\\/company\\\/codest\",\"https:\\\/\\\/clutch.co\\\/profile\\\/codest\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/thecodest.co\\\/#\\\/schema\\\/person\\\/7e3fe41dfa4f4e41a7baad4c6e0d4f76\",\"name\":\"thecodest\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g\",\"caption\":\"thecodest\"},\"url\":\"https:\\\/\\\/thecodest.co\\\/nl\\\/author\\\/thecodest\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Beveiliging van webapps - XSS-kwetsbaarheid - The Codest","description":"Vergroot uw kennis over de beveiliging van webapps. Ontdek hoe XSS-aanvallen van invloed kunnen zijn op banktransacties en de veiligheid van gebruikers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/thecodest.co\/nl\/blog\/web-app-beveiliging-xss-kwetsbaarheid\/","og_locale":"nl_NL","og_type":"article","og_title":"Web app security - XSS vulnerability","og_description":"Enhance your knowledge of web app security. Discover how XSS attacks can affect bank transactions and user safety.","og_url":"https:\/\/thecodest.co\/nl\/blog\/web-app-beveiliging-xss-kwetsbaarheid\/","og_site_name":"The Codest","article_published_time":"2020-10-14T11:25:00+00:00","article_modified_time":"2026-04-27T10:24:05+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png","type":"image\/png"}],"author":"thecodest","twitter_card":"summary_large_image","twitter_misc":{"Written by":"thecodest","Est. reading time":"3 minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#article","isPartOf":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/"},"author":{"name":"thecodest","@id":"https:\/\/thecodest.co\/#\/schema\/person\/7e3fe41dfa4f4e41a7baad4c6e0d4f76"},"headline":"Web app security &#8211; XSS vulnerability","datePublished":"2020-10-14T11:25:00+00:00","dateModified":"2026-04-27T10:24:05+00:00","mainEntityOfPage":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/"},"wordCount":528,"commentCount":0,"publisher":{"@id":"https:\/\/thecodest.co\/#organization"},"image":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png","articleSection":["Software Development"],"inLanguage":"nl-NL","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/","url":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/","name":"Beveiliging van webapps - XSS-kwetsbaarheid - The Codest","isPartOf":{"@id":"https:\/\/thecodest.co\/#website"},"primaryImageOfPage":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#primaryimage"},"image":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png","datePublished":"2020-10-14T11:25:00+00:00","dateModified":"2026-04-27T10:24:05+00:00","description":"Vergroot uw kennis over de beveiliging van webapps. Ontdek hoe XSS-aanvallen van invloed kunnen zijn op banktransacties en de veiligheid van gebruikers.","breadcrumb":{"@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#breadcrumb"},"inLanguage":"nl-NL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/"]}]},{"@type":"ImageObject","inLanguage":"nl-NL","@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#primaryimage","url":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png","contentUrl":"https:\/\/thecodest.co\/app\/uploads\/2024\/05\/web-app-security.png","width":1280,"height":720},{"@type":"BreadcrumbList","@id":"https:\/\/thecodest.co\/blog\/web-app-security-xss-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/thecodest.co\/"},{"@type":"ListItem","position":2,"name":"Web app security &#8211; XSS vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/thecodest.co\/#website","url":"https:\/\/thecodest.co\/","name":"The Codest","description":"","publisher":{"@id":"https:\/\/thecodest.co\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/thecodest.co\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"nl-NL"},{"@type":"Organization","@id":"https:\/\/thecodest.co\/#organization","name":"The Codest","url":"https:\/\/thecodest.co\/","logo":{"@type":"ImageObject","inLanguage":"nl-NL","@id":"https:\/\/thecodest.co\/#\/schema\/logo\/image\/","url":"https:\/\/thecodest.co\/app\/uploads\/2024\/03\/thecodest-logo.svg","contentUrl":"https:\/\/thecodest.co\/app\/uploads\/2024\/03\/thecodest-logo.svg","width":144,"height":36,"caption":"The Codest"},"image":{"@id":"https:\/\/thecodest.co\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/pl.linkedin.com\/company\/codest","https:\/\/clutch.co\/profile\/codest"]},{"@type":"Person","@id":"https:\/\/thecodest.co\/#\/schema\/person\/7e3fe41dfa4f4e41a7baad4c6e0d4f76","name":"thecodest","image":{"@type":"ImageObject","inLanguage":"nl-NL","@id":"https:\/\/secure.gravatar.com\/avatar\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5dbfe6a1e8c86e432e8812759e34e6fe82ebac75119ae3237a6c1311fa19caf4?s=96&d=mm&r=g","caption":"thecodest"},"url":"https:\/\/thecodest.co\/nl\/author\/thecodest\/"}]}},"_links":{"self":[{"href":"https:\/\/thecodest.co\/nl\/wp-json\/wp\/v2\/posts\/3810","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thecodest.co\/nl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thecodest.co\/nl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thecodest.co\/nl\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/thecodest.co\/nl\/wp-json\/wp\/v2\/comments?post=3810"}],"version-history":[{"count":9,"href":"https:\/\/thecodest.co\/nl\/wp-json\/wp\/v2\/posts\/3810\/revisions"}],"predecessor-version":[{"id":8105,"href":"https:\/\/thecodest.co\/nl\/wp-json\/wp\/v2\/posts\/3810\/revisions\/8105"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thecodest.co\/nl\/wp-json\/wp\/v2\/media\/3809"}],"wp:attachment":[{"href":"https:\/\/thecodest.co\/nl\/wp-json\/wp\/v2\/media?parent=3810"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thecodest.co\/nl\/wp-json\/wp\/v2\/categories?post=3810"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thecodest.co\/nl\/wp-json\/wp\/v2\/tags?post=3810"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}