Which JavaScript framework automatically escapes output to prevent XSS attacks?
- AngularJS
- React
- Vue.js
- jQuery
AngularJS automatically escapes output to prevent XSS attacks by default, helping developers build more secure web applications.
How does a Content Security Policy (CSP) help in preventing XSS attacks?
- It allows only inline scripts
- It encrypts the communication
- It filters HTTP headers
- It restricts the sources of content
A Content Security Policy (CSP) helps prevent XSS attacks by restricting the sources of content, reducing the risk of malicious script execution from unauthorized sources.
To maintain a separation of concerns, servlets in MVC should not directly manipulate the __________.
- Controller
- Database
- Model
- View
To maintain a separation of concerns, servlets in MVC should not directly manipulate the Controller.
The __________ method in servlets is often used to dispatch requests to different handlers in an MVC framework.
- doDispatch()
- doPost()
- init()
- service()
The doDispatch() method in servlets is often used to dispatch requests to different handlers in an MVC framework.
In a complex web application using MVC and servlets, a new feature requires integration of a third-party service. Where should this integration primarily take place?
- In a separate utility class
- In the Controller
- In the Model
- In the View
In MVC architecture, business logic, including third-party service integration, is primarily handled in the Controller. This ensures separation of concerns and makes the application more modular.
In an XSS attack, the _________ method of XSS involves the attacker injecting a script that is stored on the server.
- DOM-based
- Persistent
- Reflected
- Stored
In a stored XSS attack, the injected script is stored on the server and served to users, making it more dangerous.
_________ encoding is a common technique to prevent XSS by converting special characters into HTML entities.
- Base64
- HTML
- URL
- UTF-8
HTML encoding is a common technique to prevent XSS by converting special characters into HTML entities, making it difficult for attackers to inject malicious scripts.
To mitigate DOM-based XSS attacks, one should avoid using _________ directly with user input.
- document.write()
- getElementById()
- innerHTML
- setAttribute()
Mitigating DOM-based XSS involves avoiding direct use of the innerHTML property with user input, as it can be exploited to execute malicious scripts within the DOM.
A developer is implementing CSP for the first time. What common challenges might they face?
- Blocking Legitimate Scripts
- Compatibility Issues with Older Browsers
- Difficulty in Debugging
- Increased Load Times
A developer implementing Content Security Policy (CSP) for the first time may face compatibility issues with older browsers. These issues can arise because CSP introduces security restrictions that older browser versions do not support.
Initialization parameters for a servlet are configured in the _________ file.
- config.xml
- initparams.xml
- servlet.xml
- web.xml
Initialization parameters for a servlet are configured in the web.xml file.