Security / Quiz

XSS in Every Context

Stored, reflected, and DOM-based XSS, plus the context-aware output encoding that actually stops them.

Difficulty
Medium
Format
Quiz
Points
150
Estimate
9 min

// MISSION BRIEF

Your Mission

XSS is not one bug, it is a family, and the defense depends on where untrusted data lands. This quiz covers stored, reflected, and DOM-based XSS, the dangerous sinks, context-aware encoding, and CSP as defense in depth.

// FIRST CONTACT

Battle teaser

Stored vs reflected vs DOM-based XSS:

  1. AStored: payload persisted server-side and served to others; Reflected: payload echoed from the request; DOM: client-side JS writes untrusted data into the DOM without a server round-trip
  2. BStored is client-side, DOM is server-side
  3. CThey are three names for the same attack
  4. DReflected XSS requires a database
Answers, scoring, hints, and the full battle stay sealed.

// SKILL TAGS

securityxssoutput-encodingcsp