Legal Glossary

Definition of Cross-site scripting (XSS)

A form of computer security flaw called cross-site scripting (XSS) enables bad actors to insert malicious code into a website or web application.

In order to steal or manipulate sensitive data, an attacker may frequently inject malicious JavaScript, HTML, or other types of code into the client-side of the application.

Developers should adhere to security best practices and use tools like Content Security Policy, Subresource Integrity, and HttpOnly cookies to reduce the attack surface on their apps in order to prevent XSS assaults.

Back to glossary index