Chapter 95 · Intermediate
XSS Explained: Cross-Site Scripting, and How to Actually Stop It
The core
XSS is your page running the attacker's JavaScript.
If attacker-controlled text reaches the browser without being neutralised, the browser can't tell it from your code — and runs it with your site's full privileges.
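The same template rendered twice, once with the text pasted in raw and once with it neutralised first. This is an added example, not code from the original page; the function names and the sample input are constructed for illustration.

```javascript
// Added example: every name and the sample input below are hypothetical.

// Neutralise the five characters that let text break out of HTML
// element content or a quoted attribute value.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: attacker-controlled text is pasted straight into the markup.
function renderGreetingUnsafe(name) {
  return `<p class="greeting">Hello, ${name}!</p>`;
}

// Hardened: same template, value escaped for the HTML text context.
function renderGreetingSafe(name) {
  return `<p class="greeting">Hello, ${escapeHtml(name)}!</p>`;
}

// Rough stand-in for the browser's parser (not a real HTML parser):
// list the start tags it would find in the response.
function startTags(html) {
  return [...html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) =>
    m[1].toLowerCase()
  );
}

// Constructed input: a "name" field that actually carries markup.
const hostileName = "<script>/* attacker code */</script>";

// Raw: the browser sees two elements, the page's <p> and an injected <script>.
console.log(startTags(renderGreetingUnsafe(hostileName)));

// Escaped: only the page's own <p>; the input is displayed as text.
console.log(startTags(renderGreetingSafe(hostileName)));
console.log(renderGreetingSafe(hostileName));
```

Escaping is specific to the output context: this function covers HTML element text and quoted attribute values, not values placed inside a script block, a URL, or CSS.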