Security / Quiz
XSS in Every Context
Stored, reflected, and DOM-based XSS, plus the context-aware output encoding that actually stops them.
- Difficulty
- Medium
- Format
- Quiz
- Points
- 150
- Estimate
- 9 min
// MISSION BRIEF
Your Mission
XSS is not one bug, it is a family, and the defense depends on where untrusted data lands. This quiz covers stored, reflected, and DOM-based XSS, the dangerous sinks, context-aware encoding, and CSP as defense in depth.
// FIRST CONTACT
Battle teaser
Stored vs reflected vs DOM-based XSS:
- AStored: payload persisted server-side and served to others; Reflected: payload echoed from the request; DOM: client-side JS writes untrusted data into the DOM without a server round-trip
- BStored is client-side, DOM is server-side
- CThey are three names for the same attack
- DReflected XSS requires a database
Answers, scoring, hints, and the full battle stay sealed.
// SKILL TAGS
securityxssoutput-encodingcsp