# XSS

## Introduction

* Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.

## Example

```javascript
// Assumed page structure (not declared in the original snippet): a <form> with a
// <textarea> for the message and an <input> for the image URL, plus a <ul> that
// receives the rendered messages.
const userMessages = [];
const userMessagesList = document.querySelector('ul');

function renderMessages() {
  let messageItems = '';
  for (const message of userMessages) {
    // Vulnerable: user-controlled text and image URL are concatenated straight
    // into HTML markup, so any tags or attribute breakouts they contain are
    // parsed by the browser when the string is assigned to innerHTML below.
    messageItems = `
      ${messageItems}
      <li class="message-item">
        <div class="message-image">
          <img src="${message.image}" alt="${message.text}">
        </div>
        <p>${message.text}</p>
      </li>
    `;
  }

  // innerHTML parses the string as HTML; this is the injection sink.
  userMessagesList.innerHTML = messageItems;
}

function formSubmitHandler(event) {
  event.preventDefault();
  const userMessageInput = event.target.querySelector('textarea');
  const messageImageInput = event.target.querySelector('input');
  const userMessage = userMessageInput.value;
  const imageUrl = messageImageInput.value;

  // Only checks that both fields are non-empty; nothing validates their content.
  if (
    !userMessage ||
    !imageUrl ||
    userMessage.trim().length === 0 ||
    imageUrl.trim().length === 0
  ) {
    alert('Please insert a valid message and image.');
    return;
  }

  userMessages.push({
    text: userMessage,
    image: imageUrl,
  });

  userMessageInput.value = '';
  messageImageInput.value = '';

  renderMessages();
}

// Wire the handler to the form (assumed to be the only <form> on the page).
document.querySelector('form').addEventListener('submit', formSubmitHandler);
```

![](https://1374779285-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MFW3x2aqEO8GF2kr3VU%2Fuploads%2F6h2r1NJnIZQySYihj4hW%2Fimage.png?alt=media\&token=89bb1254-23ea-49e9-956f-58c94788cb8a)

![](https://1374779285-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MFW3x2aqEO8GF2kr3VU%2Fuploads%2FhGOYOSLqVZAmNMLeifkG%2Fimage.png?alt=media\&token=c50cc424-15d6-421a-a234-b130b9517005)

## Prevention

* Encode data on output
* Validate input on arrival
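As an added example (not code from the original page or from the embedded references), here is how the two rules apply to the message feature above: `escapeHtml` encodes on output, `isSafeImageUrl` and `acceptMessage` validate on arrival, and `renderMessagesSafe` builds the same markup with every interpolated value encoded. It returns the markup as a string instead of assigning `innerHTML` so it can be checked outside a browser. The function names, the http/https allow-list for the image URL and the sample inputs are assumptions made for this example.

```javascript
// Added example: output encoding + input validation for the message feature.
// Names (escapeHtml, isSafeImageUrl, acceptMessage, renderMessagesSafe) are
// assumptions made for this example, not part of the original code.

// Encode on output: HTML-entity encode the five characters that can change
// meaning inside element content or a double/single-quoted attribute value.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Validate on arrival: the image field must be an absolute http(s) URL.
// Encoding alone does not help for a src attribute, because a "javascript:"
// URL contains no HTML-special characters yet is still a script-bearing value.
function isSafeImageUrl(raw) {
  let url;
  try {
    url = new URL(raw); // throws on relative or malformed input
  } catch (_err) {
    return false;
  }
  return url.protocol === 'http:' || url.protocol === 'https:';
}

// Replacement for the check in formSubmitHandler: returns the record to store,
// or null when the submission should be rejected.
function acceptMessage(userMessage, imageUrl) {
  if (typeof userMessage !== 'string' || userMessage.trim().length === 0) return null;
  if (typeof imageUrl !== 'string' || !isSafeImageUrl(imageUrl.trim())) return null;
  return { text: userMessage.trim(), image: imageUrl.trim() };
}

// Replacement for renderMessages: same markup, but every interpolated value is
// encoded, so the browser sees user input as text rather than as tags.
function renderMessagesSafe(messages) {
  return messages
    .map(
      (message) => `
      <li class="message-item">
        <div class="message-image">
          <img src="${escapeHtml(message.image)}" alt="${escapeHtml(message.text)}">
        </div>
        <p>${escapeHtml(message.text)}</p>
      </li>`
    )
    .join('');
}

// Constructed sample input for a quick self-check: the first is accepted and
// rendered as inert text, the second is rejected because of its URL scheme.
const samples = [
  acceptMessage('<script>alert(1)</script>', 'https://example.com/cat.png'),
  acceptMessage('hello', 'javascript:alert(1)'), // null
];
console.log(renderMessagesSafe(samples.filter(Boolean)));
```

In the browser, the string returned by `renderMessagesSafe` can then be assigned to `innerHTML` for the stored records. A simpler route for DOM code is to skip string building altogether and create the `<li>`, `<img>` and `<p>` with `document.createElement`, set `textContent` for the message and `img.src` for the image; that removes the need for `escapeHtml`, but the URL allow-list check is still needed because `img.src` accepts any scheme.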

## Reference

{% embed url="https://medium.com/hannah-lin/%E5%BE%9E%E6%94%BB%E6%93%8A%E8%87%AA%E5%B7%B1%E7%B6%B2%E7%AB%99%E5%AD%B8-xss-cross-site-scripting-%E5%8E%9F%E7%90%86%E7%AF%87-fec3d1864e42" %}

{% embed url="https://www.youtube.com/watch?v=oEFPFc36weY" %}

{% embed url="https://owasp.org/www-community/attacks/xss/" %}

{% embed url="https://portswigger.net/web-security/cross-site-scripting/preventing" %}
