
I have implemented a REST project with httpOnly cookie token authentication to prevent XSS attacks.
I've added a chat system with socket.io and am wondering how I can secure it against XSS attacks.
As you know in XSS attack, hacker steals user's token and pretends to be him/her.
In socket.io, the client has access to the auth; how can we protect it from the attacker?

```javascript
const socket = io({
  auth: {
    token: "abc"
  }
});
```
Alireza
"As you know in XSS attack, hacker steals user's token and pretends to be him/her." — While that is often the **goal** of an XSS attack, the attack itself involves the injection of JavaScript into a page on someone else's browser. How you deal with XSS attacks depends on correctly handling user input, not on the transport mechanism itself. – Quentin Dec 01 '21 at 16:54
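
One way to keep the token out of page JavaScript, as an added example that is not part of the original post: the server authenticates the Socket.IO handshake from the httpOnly cookie the browser already sends, so the client calls `io()` with no `auth.token`. The cookie name `session`, its `<userId>.<hmac>` format, the secret and the origin value are assumptions made for this example.

```javascript
const crypto = require("crypto");

// Constructed demo secret; in a real deployment it comes from server config.
const SECRET = "constructed-demo-secret";

// HMAC over the user id, as the (assumed) REST login would issue it.
function sign(userId) {
  return crypto.createHmac("sha256", SECRET).update(userId).digest("hex");
}

// Minimal Cookie header parser: "a=1; b=2" -> { a: "1", b: "2" }.
function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Returns the authenticated user id, or null if the handshake is not trusted.
function userFromHandshake(handshake, allowedOrigin) {
  const { origin, cookie } = handshake.headers;
  // Cookies ride along on cross-site requests too, so refuse foreign origins.
  if (origin && origin !== allowedOrigin) return null;
  const value = parseCookies(cookie).session; // hypothetical cookie name
  if (!value) return null;
  const dot = value.lastIndexOf(".");
  if (dot < 1) return null;
  const userId = value.slice(0, dot);
  const mac = Buffer.from(value.slice(dot + 1), "hex");
  const expected = Buffer.from(sign(userId), "hex");
  if (mac.length !== expected.length) return null;
  return crypto.timingSafeEqual(mac, expected) ? userId : null;
}

// Socket.IO middleware: register with io.use(cookieAuth("https://app.example")).
function cookieAuth(allowedOrigin) {
  return (socket, next) => {
    const userId = userFromHandshake(socket.handshake, allowedOrigin);
    if (!userId) return next(new Error("unauthorized"));
    socket.data.userId = userId; // trusted identity for later event handlers
    next();
  };
}
```

This keeps the token unreadable to injected script, but a script running in the page can still use the already-open socket, so chat messages still need correct output encoding when rendered.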
