Joshua of X - 4 months ago
jQuery Question

Major differences and definitions between Persistent XSS and Non-Persistent XSS

What are the major differences between Persistent XSS and Non-Persistent XSS?


As the naming suggests, the differences between Persistent and Non-Persistent XSS are as follows.

Persistent XSS

Stored XSS, inside of cookies or the server's database.

Example of Persistent XSS in a chat application

If a chat application stores all user messages into a database and a user can send a string of HTML, such as <script>alert('XSS');</script>, then that code will be executed every time the user visits the chat application.

Non-Persistent XSS

XSS executed on the client, for example JavaScript executed in the URL or the user is tricked into pasting JavaScript into their console.

Example of Non-Persistent XSS

You can execute javascript:alert('XSS') in the browser, although most modern browsers will not let you copy/paste this into the URL.

You can read more about this here.
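The chat scenario above, as an added example that is not part of the original answer: the same stored message rendered without and with output encoding. The in-memory `messages` array, the user names and all function names are assumptions standing in for a real database and templating layer.

```javascript
// Constructed stand-in for the server's message table (assumption, not real storage).
const messages = [];

function storeMessage(user, text) {
  // The message is stored exactly as submitted; the problem is how it is rendered later.
  messages.push({ user, text });
}

// Vulnerable rendering: stored text is concatenated straight into the page markup,
// so markup inside a message becomes part of the page for every visitor.
function renderUnsafe(msgs) {
  return msgs.map(m => `<li><b>${m.user}</b>: ${m.text}</li>`).join("\n");
}

// Output encoding for an HTML text context: the five characters that can
// start a tag, an entity or an attribute value are replaced with entities.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Hardened rendering: every stored field is encoded at output time,
// so the browser displays the message as text instead of parsing it.
function renderSafe(msgs) {
  return msgs
    .map(m => `<li><b>${escapeHtml(m.user)}</b>: ${escapeHtml(m.text)}</li>`)
    .join("\n");
}

// Simple check used here to compare the two renderings.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample data: one ordinary message and the string from the answer above.
storeMessage("alice", "hello");
storeMessage("mallory", "<script>alert('XSS');</script>");

console.log("unsafe render contains <script>:", containsScriptTag(renderUnsafe(messages)));
console.log("safe render contains <script>:  ", containsScriptTag(renderSafe(messages)));
console.log(renderSafe(messages));
```

Because the message is stored once and rendered for everyone who opens the chat, the encoding has to happen on every output path that displays it, not only at the point of submission.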