XSS (cross-site scripting)
Related service: Websites, web apps & online shops
DEFINITION
An attack where a hacker slips malicious JavaScript into a page so it runs in another user's browser — stealing sessions or data. An OWASP perennial; we block it with output escaping and a strict Content-Security-Policy.
- SSR (Server-Side Rendering): HTML rendered by the server per-request, fresh for every user. Ideal for dynamic content (dashboards), but slower than SSG.
- SSG (Static Site Generation): Pages are produced at build time as HTML and served from a CDN. Near-zero TTFB. DField's own site runs this way across 111+ pages.
- ISR (Incremental Static Regeneration): SSG + timed regeneration: the HTML is static but regenerates on a schedule. Ideal for blog content · freshness with CDN speed.
- Edge rendering: Code runs at the CDN edge closest to the user (Cloudflare Workers, Vercel Edge). Dynamic responses with ~10–50 ms TTFB.
- RSC (React Server Components): React components that run exclusively on the server and never ship to the browser. Result: less client-side JS and faster hydration.
- LCP (Largest Contentful Paint): Time until the largest visible element paints. Google Core Web Vitals passes under 2.5s · we usually land marketing pages under 1s.