Understanding Cross-site Scripting (XSS)

📖 Scenario: You are learning about web security. One common problem is Cross-site Scripting (XSS), where attackers inject harmful scripts into websites. This can cause serious issues like stealing user information or changing website content without permission.Imagine a simple website that shows user comments. If the website does not check the comments properly, someone could add a script instead of a normal comment. This project will help you understand how XSS works and how to recognize it.

🎯 Goal: You will build a simple example of a website comment section that is vulnerable to XSS. You will then add a configuration to filter out dangerous scripts. Finally, you will apply a basic method to prevent XSS attacks by escaping special characters in user input.

📋 What You'll Learn

Create a list of user comments including a normal comment and a script tag

Add a variable to hold a list of dangerous tags to filter

Write a loop to check each comment and mark if it contains dangerous tags

Add a final step to escape special characters in comments to prevent XSS

💡 Why This Matters

🌍 Real World

Web developers must understand XSS to protect websites from attackers injecting harmful scripts that steal data or damage user experience.

💼 Career

Security analysts and web developers use knowledge of XSS to write safer code and test websites for vulnerabilities.

Progress0 / 4 steps

Create a list of user comments

Create a list called comments with exactly these two entries: 'Hello, this is a safe comment.' and ''.

Cybersecurity

# Create the list called comments with the two exact entries
# Your code here

Need a hint?

Remember to include both comments exactly as shown, including quotes and brackets.

Add a list of dangerous tags

Add a list called dangerous_tags containing the string '