what is a cross-site scripting (xss) attack code example

Example: Cross-site scripting

XSS if you fill in a search field for example, and that variable is used
on the page somewhere, you could type in "bullshit."
"bullstit" appears in the markup. If the idiot that wrote the code doesn't
filter, limit, or otherwise sanitize that value. You could have a problem...
Dr. Evil could just type in some script ij the search field right?
<p>Your search for 'flowers <script>evil_script()</script>'

Tags:

Html Example