August 23 | English translation | Because I could not understand why the XSS in the Spotify video worked, I went through the worthwhile Cross-Site Scripting special topic
Summary(special subject)
Translation 1:
Although less common than in the past, XSS vulnerabilities are still rampant
throughout the web today. Due to the ever-increasing amount of user interaction and
data persistence in web applications, the opportunities for XSS vulnerabilities to
appear in an application are greater than ever.
Although no longer as common as in the past, XSS vulnerabilities are still rampant on today's web. Owing to the ever-growing volume of user interaction and data persistence in web applications, there are more opportunities than ever for XSS vulnerabilities to appear in an application.
Translation 2:
Unlike other common vulnerability archetypes, XSS can be exploited from a number
of angles—some of which persist across sessions (stored) and others (reflected) that
do not. Additionally, because XSS vulnerabilities rely on finding script-execution
sinks in the client, it is possible that bugs in the browser’s complex specifications can
also result in unintended script execution (DOM-based XSS). Stored XSS can be
found via analysis of database storage, making it easily detectable. But reflected and
DOM-based XSS vulnerabilities often are difficult to find and pin down—which
means it is very possible these vulnerabilities exist on a large number of web applications but have not yet been detected.
Unlike other common vulnerability archetypes, XSS can be exploited from many angles: some persist across sessions (stored) and some do not (reflected). In addition, because XSS vulnerabilities depend on finding script-execution sinks on the client, bugs in the browser's complex specifications can also lead to unintended script execution (DOM-based XSS). Stored XSS can be found by analysing database storage, which makes it easy to detect. But reflected and DOM-based XSS vulnerabilities are usually hard to find and pin down, which means it is very likely that these vulnerabilities exist in a large number of web applications but have not yet been detected.
Translation 3:
XSS is a type of attack that has been around for the majority of the web’s history, and
while the basis for the attack is still the same, the surface area and variations of the
attack have both increased.
XSS is a type of attack that has existed for most of the web's history; although the basis of the attack is still the same, both the attack surface and the variants of the attack have grown.
Translation 4:
Because of its widespread surface area, (relative) ease of execution, evasion of detection, and the amount of power this type of vulnerability has, XSS attacks should be a
core component of any pen tester or bounty hunter’s skill set.
Because of its broad surface area, its (relative) ease of execution, its evasion of detection, and the power this type of vulnerability carries, XSS attacks should be a core component of any vulnerability tester's or bounty hunter's skill set.
Afterword: what I write must have value, and what I read must have value. Improve my own efficiency, and always remember that only what I write up as an article truly becomes my own.
