README.md
6 additions & 0 deletions
@@ -6,6 +6,12 @@
6
6
7
7
Welcome to Assignment 1 for [CS 253: Web Security](https://cs253.stanford.edu). ✨
8
8
9
+
We're doing client-side attacks! This assignment is all about Cross Site Scripting (XSS) vulnerabilities. Your goal is to come up with "attack inputs" that when entered into websites vulnerable to cross-site scripting (XSS) attacks you are able to execute any code you want in the victim's browser.
10
+
11
+
The assignment takes the form of an interactive workshop that you'll run in your browser. This is what it looks like:
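Review bot: The second sentence of the added intro paragraph does not parse: in `"attack inputs" that when entered into websites vulnerable to cross-site scripting (XSS) attacks you are able to execute any code`, the relative clause never completes, and XSS is expanded twice with different spelling ("Cross Site Scripting" in the sentence before, "cross-site scripting" here). Suggest expanding the acronym once as "cross-site scripting (XSS)" and rewording to something like: Your goal is to come up with "attack inputs" that, when entered into a website vulnerable to XSS, let you execute any code you want in the victim's browser.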
exercises/00/problem.md
1 addition & 1 deletion
@@ -18,7 +18,7 @@ Keep in mind when you design your attacks that you are attacking a server runnin
18
18
19
19
## Another note for the extra, extra devious among you
20
20
21
-
We haven't attempted to secure this workshop from *you*. You have all the source code and it's running on your machine, so you are able to freely examine the source code if you're curious how this workshop is designed. This means that it is possible for you to fake calls to `success()` or to modify the local state file to instantly "finish" all the challenges. I ask you to avoid trying this since it'll just make the assignments less fun for you if you read ahead. Since you have to submit your solutions in a separate text file anyway, this doesn't really help you anyway.
21
+
We haven't attempted to secure this workshop from *you*. You have all the source code and it's running on your machine, so you are technically able to examine the source code. We ask you to avoid doing this since it'll just make the assignments less fun for you. It is also possible for you to fake calls to `success()` or to modify the local state file to instantly "finish" all the challenges. Again, this wouldn't be much fun for you, so please don't do it. Since you have to submit your solutions in a separate text file anyway, this doesn't really help you anyway.
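Review bot: In the closing sentence of the rewritten paragraph, "this doesn't really help you anyway" no longer has a clear antecedent, because the new text now discourages two separate things (reading the source, and faking `success()` or editing the local state file); "anyway" also appears twice in that sentence. Suggest naming the subject, for example: Since you have to submit your solutions in a separate text file, faking completion doesn't help you. The second sentence also repeats "source code" ("You have all the source code ... able to examine the source code"); "able to examine it" would read better.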