– Solve the below problems and answer the question with your own words

10.1. Using LiveHTTPHeader HTTP request to www.example.com to delete a page owned by a user (only the owner of a page can delete the page) we find out that the following GET request is used to send an http://www.ex ample.com/delete.php?pageid=5 GET /delete.php?pageid-5 www.example.com HOst: Please write a malicious JavaScript program, which can delete a page owned by the victim if the program is injected into one of the victim's page from www.example.com 10.2. Using LiveHTTPHeader, we find out that the following POST request is used to send an HTTP request to www.example.com to delete a page owned by a user (only the owner of a page can delete the page) http://www.example.com/delete.php POST /delete.php HTTP/1.1 www.example.com HOst: Content-Length: 8 pageid-5 Please write a malicious JavaScript program, which can delete a page owned by the victim if the program is injected into one of the victim's page from www.example.com 10.3. In Listing 10.2, we added a check before sending the Ajax request to modify Samy's own profile. What is the main purpose of this check? If we do not add this check, can the attack be successful? How come we do not have such a check in the add-friend attack (Listing 10.1)? 10.4. To defeat XsS attacks, a developer decides to implement filtering on the browser side. Basically, the developer plans to add JavaScript code on each page, so before data are sent to the server, it filters out any JavaScript code contained inside the data. Let's assume that the filtering logic can be made perfect. Can this approach prevent XSS attacks? 10.5. What are the differences between XSS and CSRF attacks? 10.6. Can the secret token countermeasure be used to defeat XSS attacks? 10.7. Can the same-site cookie countermeasure for CSRF attacks be used to defeat XSS attacks?