These are the slides from a talk given at SECCON Beginners Live 2022.
https://connpass.com/event/258217/
The talk gives an overview of XSS (Cross-site Scripting) and explains the three types of XSS (Reflected/Stored/DOM-based) with concrete examples.
Repository used for the explanations: https://github.com/task4233/xss-demo
## Links
XSS on Google Search - Sanitizing HTML in The Client?: https://youtu.be/lG7U3fuNw3A
window.alert(): https://developer.mozilla.org/en-US/docs/Web/API/Window/alert
window.print(): https://developer.mozilla.org/en-US/docs/Web/API/Window/print
alert() is dead, long live print(): https://portswigger.net/research/alert-is-dead-long-live-print
PortSwigger Lab: https://portswigger.net/web-security/all-labs
XSS game: https://xss-game.appspot.com/
alert(1) to win: http://alf.nu/alert1
prompt(1) to win: https://prompt.ml/0