Add Day 6 - Hands-On: Building a weak app

Michael Cade 2023-01-06 22:57:27 +00:00 committed by GitHub
parent bfc931d402
commit f6ee8ceebd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -184,10 +184,6 @@ Now edit app/views/bootcamps/show.html.erb and make the description field a raw
<%=raw @bootcamp.description %>
</p>
```
I recorded the steps to get to this point below. Hopefully this renders well, something I found GitHub now supports is embedding videos into markdown. (pretty cool!)
![](images\day06-stage1-creatingapp.mp4)
Now why this is all relevant is that using raw in the description field means that this field now becomes a potential XSS target. Or cross-site scripting.
This can be explained better with a video [What is Cross-Site Scripting?](https://youtu.be/DxsmEXicXEE)
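Review bot: the sentence beginning "Now why this is all relevant" calls the description field a potential XSS target without saying why. Add one clause stating that `raw` outputs the value without Rails' default HTML escaping, so any markup stored in the description is rendered as-is by show.html.erb. In the same sentence, "Or cross-site scripting." is a fragment and reads better folded in as "a potential cross-site scripting (XSS) target". The +/- markers are not visible in this view and the header shows a net removal of four lines, so the next point only applies if the media link stays: `![](images\day06-stage1-creatingapp.mp4)` uses a backslash as the path separator and has empty alt text. Use `images/day06-stage1-creatingapp.mp4` and check that the video actually renders on GitHub, since image syntax pointing at an .mp4 may not embed.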