Cross-Site Scripting (XSS) is an attack that can occur when a user injects client-side script into a page in an attempt to gather information or infect the computers of other users. An XSS attack can result in the forcible download of viruses and bots, the theft of cookies containing a user's identifying information and/or login credentials, or modification of the site's content.
XSS attacks usually occur when a user is allowed to submit HTML content to a site as part of a form submission.
Assume that we wanted to let users submit formatted HTML to our app in the Instruction fields of our recipe creation and editing views. Without careful implementation on our part, it ...
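One way to accept a small set of formatting tags in such a field, shown as an added example that is not code from the original page: encode the whole submission, then restore only exact, attribute-free tags from an allowlist. The function names, the tag list and the sample input are assumptions made for illustration.

```javascript
// Hypothetical allowlist of formatting tags for a recipe's instruction text.
const ALLOWED_TAGS = ["b", "i", "em", "strong", "p", "ul", "ol", "li", "br"];

// Constructed sample submission: wanted formatting mixed with script content.
const SAMPLE =
  '<b>Whisk</b> the eggs.<script>alert(1)</script>' +
  '<i onmouseover="alert(2)">fold</i>';

// Unsafe rendering: the submitted markup reaches the page unchanged,
// so any script or event handler in it runs in other users' browsers.
function renderInstructionsUnsafe(submitted) {
  return '<div class="instructions">' + submitted + "</div>";
}

// Encode every character that has meaning in HTML text or attribute values.
// The ampersand is replaced first so later entities are not double-encoded.
function encodeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Safer rendering: encode everything, then turn back only the encoded form
// of an exact allowlisted tag (no attributes, no whitespace, no self-closing).
// Anything else, including <b onclick=...>, stays inert encoded text.
function renderInstructions(submitted) {
  const encoded = encodeHtml(submitted);
  const pattern = new RegExp(
    "&lt;(/?)(" + ALLOWED_TAGS.join("|") + ")&gt;",
    "gi"
  );
  const restored = encoded.replace(
    pattern,
    (_match, slash, tag) => "<" + slash + tag.toLowerCase() + ">"
  );
  return '<div class="instructions">' + restored + "</div>";
}
```

Tags are restored individually, so an unmatched closing tag such as the `</i>` in the sample passes through; that can affect layout but cannot introduce script.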