WAF
Web Application Firewall
A security layer that filters HTTP traffic between a web application and the internet, blocking common attacks like SQL injection and XSS.
Техническая деталь
WAF attacks exploit the browser's trust in page content. Stored XSS persists in the database (most dangerous). Reflected XSS appears in URL parameters. DOM-based XSS occurs entirely in client-side JavaScript. Defenses: output encoding (HTML entities, JavaScript escaping), Content Security Policy (CSP) headers, HttpOnly cookies (preventing JavaScript access), and framework auto-escaping (React, Django, Angular). The primary rule: never insert untrusted data into HTML without context-appropriate escaping.
Пример
```javascript
// WAF — Web Crypto API example
const data = new TextEncoder().encode('sensitive data');
const hash = await crypto.subtle.digest('SHA-256', data);
const hex = Array.from(new Uint8Array(hash))
.map(b => b.toString(16).padStart(2, '0')).join('');
```
Связанные форматы
Связанные инструменты
P
Password Generator
P
Password Strength Checker
H
Hash Generator
H
HMAC Generator
A
AES Encrypt / Decrypt
R
Random String Generator
C
CSP Header Generator
T
Text Redactor
C
CORS Header Generator
S
SRI Hash Generator
B
Base64 Encoder / Decoder
Д
Декодер JWT
Г
Генератор UUID
T
TOTP Configurator
S
SSL Certificate Decoder