loading
loading
Cross-site scripting: a bug where attacker-controlled script runs in a user’s browser.
XSS can steal sessions, alter pages, or perform actions as the user. Prevent it by escaping output, sanitizing HTML, and using framework-safe rendering patterns.
Plainly
Think of XSS as the lock and rules that keep people and data safe. Cross-site scripting: a bug where attacker-controlled script runs in a user’s browser.
In practice
Use it when a workflow touches secrets, permissions, user data, payments, or untrusted input. In practice, define the owner, input, output, and failure mode before you rely on it.