Promptles
Security

XSS (Cross-Site Scripting)

beginner

Definition

An attack where someone sneaks harmful code into a website you trust: usually by typing it into a comment box or form field. When other people visit the page, the bad code runs in their browser as if the website itself put it there. It's prevented by treating anything users type as plain text, never as instructions.

In the wild

An attacker leaves a 'comment' on a forum that's actually a hidden script. When you scroll past their comment, the script silently grabs your login info and sends it to them: even though you never clicked anything.

More from Security