Code Safari

Chapter 95·Intermediate

XSS Explained: Cross-Site Scripting, and How to Actually Stop It


The core

XSS is your page running the attacker's JavaScript.

If attacker-controlled text reaches the browser without being neutralised, the browser can't tell it from your code — and runs it with your site's full privileges.
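What "neutralised" means in practice, as an added example that is not from the original page: the same constructed input is rendered by a template that concatenates it and by one that HTML-escapes it first. The function names and sample strings are assumptions made for the illustration, and `listMarkup` is a rough regex check for this demo, not an HTML parser.

```javascript
// Added illustration; all names and sample strings are hypothetical/constructed.
const SAMPLE_NAME = 'x" onmouseover="alert(1)';      // constructed input
const SAMPLE_COMMENT = '<script>alert(1)</script>';  // constructed input

// Vulnerable: user text is concatenated straight into markup the browser will parse.
function renderCommentUnsafe(name, comment) {
  return `<div class="comment" title="${name}">${comment}</div>`;
}

// Neutralise the characters that let text leave HTML text or quoted-attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: every piece of user text is escaped at the point it enters the markup.
function renderCommentSafe(name, comment) {
  return `<div class="comment" title="${escapeHtml(name)}">${escapeHtml(comment)}</div>`;
}

// Demo-only check (a rough regex, not an HTML parser): which elements and
// double-quoted attributes does the output contain? The template alone has
// one element (div) with two attributes (class, title).
function listMarkup(html) {
  const tags = [...html.matchAll(/<([a-zA-Z][\w-]*)([^>]*)>/g)];
  return {
    tags: tags.map((m) => m[1]),
    attrs: tags.flatMap((m) =>
      [...m[2].matchAll(/\s([a-zA-Z-]+)="[^"]*"/g)].map((a) => a[1])),
  };
}

console.log(listMarkup(renderCommentUnsafe(SAMPLE_NAME, SAMPLE_COMMENT)));
console.log(listMarkup(renderCommentSafe(SAMPLE_NAME, SAMPLE_COMMENT)));
```

This escaping covers HTML text and quoted attribute values only; text placed inside a script block, an event-handler attribute or a URL needs encoding for that context.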
