Cross-Site Scripting (XSS) is a vulnerability in which an attacker injects malicious JavaScript into a web page that other users view. The script runs in their browsers to steal data, hijack sessions, or perform actions on their behalf. It is a common and dangerous web vulnerability, and it can be prevented by handling output correctly.
How XSS works
When user input is rendered into a page without proper escaping, injected scripts run:
Welcome, <%= userInput %>
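The template line above, rendered with and without output encoding. This is an added example, not code from the original page; `renderRaw`, `renderEscaped` and `escapeHtml` are hypothetical helpers written for illustration, not a real template engine's API, and the inputs are constructed.

```javascript
// The page's template line.
const TEMPLATE = "Welcome, <%= userInput %>";

// Matches <%= name %> placeholders (hypothetical mini-syntax for this example).
const PLACEHOLDER = /<%=\s*(\w+)\s*%>/g;

// Vulnerable: the value is substituted into the HTML unchanged,
// so any markup in it becomes part of the page.
function renderRaw(template, data) {
  return template.replace(PLACEHOLDER, (_, key) => String(data[key] ?? ""));
}

// HTML-encode the characters that are significant in element content
// and in quoted attribute values.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened: every interpolated value is encoded at output time,
// so the browser displays it as text instead of parsing it as markup.
function renderEscaped(template, data) {
  return template.replace(PLACEHOLDER, (_, key) => escapeHtml(data[key] ?? ""));
}

// Constructed sample inputs.
const benign = { userInput: "Amina" };
const hostile = { userInput: "<script>alert(1)</script>" };

console.log(renderRaw(TEMPLATE, hostile));     // markup reaches the page intact
console.log(renderEscaped(TEMPLATE, hostile)); // markup is neutralised
console.log(renderEscaped(TEMPLATE, benign));  // ordinary input is unchanged
```

This encoding is correct for HTML element content and quoted attribute values only; values placed inside a script block, a URL, or an unquoted attribute need encoding specific to that context.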
