Learn about how attackers send text-based attack scripts that exploit the interpreter in the browser.
- [Instructor] Number seven in the OWASP Top 10 is cross-site scripting. This type of attack usually affects users' browsers and involves execution of malicious commands coming from untrusted data. To understand cross-site scripting, it's important to understand a few things about HTML, which plays a fundamental part in every webpage. HTML stands for HyperText Markup Language, which basically means that it tags content in order to structure how a website looks and works.
But how does an attacker get the malicious instructions into a webpage's HTML in the first place? Many websites take user input and then treat that information as code that executes in a web browser. If the website does not properly validate that user input, then it's possible for a hacker to take advantage and make the website follow malicious instructions that are injected via user input fields.
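
The situation described above, as an added example that is not part of the course transcript: a comment field whose value is concatenated into a page's HTML, beside the same field HTML-encoded before insertion. The function names and the sample input are constructed for illustration.

```javascript
// Added example: all names and the sample input are constructed.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode the characters that let text switch into markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user input is concatenated into markup, so the browser
// parses whatever tags it contains as part of the page.
function renderCommentUnsafe(comment) {
  return '<p class="comment">' + comment + '</p>';
}

// Hardened: user input is encoded for the HTML text context first,
// so the browser displays it as text instead of interpreting it.
function renderCommentSafe(comment) {
  return '<p class="comment">' + escapeHtml(comment) + '</p>';
}

// List the element names that appear as opening tags in the markup.
// A simple structural check for this demo, not a full HTML parser.
function openingTags(html) {
  return Array.from(
    html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)\b/g),
    (m) => m[1].toLowerCase()
  );
}

// Constructed input: a comment that carries a script element.
const sampleInput = 'Nice post!<script>alert("xss")</script>';

console.log(openingTags(renderCommentUnsafe(sampleInput))); // [ 'p', 'script' ]
console.log(openingTags(renderCommentSafe(sampleInput)));   // [ 'p' ]
console.log(renderCommentSafe(sampleInput));
```

This encoding is correct for values placed in HTML text or quoted attribute values; input placed inside a script block, a URL, or CSS needs the encoding for that context instead.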