Bring your software development workflows to security
A Cross-site Scripting (XSS) allows an attacker to inject a script into the content of a website or app. When a user visits the infected page the script will execute in the victim’s browser. This allows attackers to steal private information like cookies, account information etc.
There are two types of XSS: reflected XSS and stored XSS. A reflected XSS (or also called a non-persistent XSS attack) happens when a malicious script is reflected off to another website through the victim’s browser. It’s often injected through the query string. The XSS vulnerability can then just be exploited by making a user click on a link. A stored XSS (or persistent XSS) takes place when the malicious script is injected directly into the vulnerable web application.
The security plugin protects Ruby applications and users from reflected XSS in the Slim template engine.
When the application starts, Sqreen library hooks the unsafe methods of the Slim templating engine in order to catch data about to be rendered in the HTML page.
Escape executable HTML code action is selected, Sqreen will perform HTML encoding on the malicious user input: special characters like
<script> are encoded into
<script> without impacting the Slim rendering to users.
No data collected