Hello everyone. Today's lesson is about web security (what an XSS attack is) and Node.js (sending email). I hope this lesson is useful for you.

Description

Cross-Site Scripting (also known as XSS) is one of the most common application-layer web attacks. An XSS vulnerability arises when a web application takes data from users and dynamically includes it in web pages without first properly validating and encoding that data.

XSS vulnerabilities allow an attacker to execute arbitrary script and display arbitrary content in a victim user's browser.

Impact

By exploiting XSS vulnerabilities, an attacker can perform malicious actions such as:

  • Hijack an account
  • Spread web worms
  • Access browser history and clipboard
  • Control the browser remotely
  • Scan and exploit intranet appliances and applications

XSS vulnerabilities may occur if:

  • Input coming into web applications is not validated
  • Output to the browser is not HTML encoded

How to Prevent XSS

In order to avoid XSS attacks first of all remember basic security rules:

  • Always validate and sanitize user input before rendering it into the DOM. Never render untrusted data without validation and proper HTML encoding.
  • Validate user input in the browser AND on the server before storing data in the DB/storage; browser-side checks alone can be bypassed.
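The two rules above in working code. This is an added example, not code from the original lesson: it shows a vulnerable render function that concatenates user data straight into markup next to a hardened version that HTML-encodes the data first, plus a server-side allow-list validator. The helper names (escapeHtml, renderCommentUnsafe, renderCommentSafe, validateUsername) and the sample input are my own.

```javascript
// Added example (not from the original lesson). Helper names are hypothetical.

// The five characters that can break out of an HTML text node or a
// double/single-quoted attribute value, and their entity replacements.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Encode a value for safe inclusion in HTML body content or a quoted attribute.
// Encoding happens at output time, so the original data can still be stored as-is.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering: whatever the user typed is parsed by the browser as markup.
function renderCommentUnsafe(comment) {
  return `<p class="comment">${comment}</p>`;
}

// Hardened rendering: same template, but the data is HTML-encoded first,
// so the browser displays it as text instead of interpreting it.
function renderCommentSafe(comment) {
  return `<p class="comment">${escapeHtml(comment)}</p>`;
}

// Allow-list validation for a field with a known format (here a username).
// Run this on the server before storing, regardless of what the browser checked.
const USERNAME_RE = /^[A-Za-z0-9_]{3,20}$/;
function validateUsername(name) {
  return typeof name === 'string' && USERNAME_RE.test(name);
}

// Constructed sample input containing markup and special characters.
const sample = '<b>Hello</b> & "welcome"';
console.log('unsafe:', renderCommentUnsafe(sample)); // <b> is live markup here
console.log('safe:  ', renderCommentSafe(sample));   // <b> is shown literally
console.log('valid username?', validateUsername('alice_01'), validateUsername('<alice>'));
```

Note that escapeHtml is correct for HTML text and quoted attribute contexts only; data placed inside a script block, a URL, or a CSS value needs the encoding rules of that context, which is why the rule is "encode for the output context", not "escape once and forget".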

———————————————————————————————————————————————–

Node.JS Sending Email

SMTP Server

To send emails from your Node.js application you need an SMTP server. If you don't want to run your own SMTP server, you can use an online email service such as SendInBlue, Pepipost or MailJet. They all have free plans. Here I'd like to show you how to send email via MailJet (mailjet.com).

!Important: you need to verify the sender email address in your MailJet account before MailJet will deliver mail from it.

// node-mailjet v3: connect with your Mailjet API key and secret key (the same
// pair Mailjet issues as SMTP credentials). Load them from environment
// variables or a secret store instead of committing them to source control.
const mailjet = require('node-mailjet')
  .connect("<MAILJET_SMTP_USERNAME>", "<MAILJET_SMTP_PASSWORD>");

// Send one message through the Mailjet Send API v3.1.
mailjet
  .post("send", { version: "v3.1" })
  .request({
    "Messages": [
      {
        "From": {
          "Email": "info@roomjs.com",   // must be a verified sender address
          "Name": "JavaScript Room"
        },
        "To": [
          {
            "Email": "someone@example.com",
            "Name": "Follow @room_js!"
          }
        ],
        "Subject": "Email subject",
        "TextPart": "Message in plain text",
        "HTMLPart": "<p>HTML is also available</p>"
      }
    ]
  })
  .then((result) => {
    console.log(result.body);
  })
  .catch((err) => {
    console.error(err);
  });

I hope this lesson was useful for you. Wishing you more success.