An emerging breed of Web-based attacks is based on abusing trust by spoofing the origin of malicious information. The two most common examples of this style of attack are cross-site scripting (XSS) and cross-site request forgeries (CSRF).
Cross-site scripting is a style of attack that involves the injection of malicious code into a site that is trusted by the victim. As an example, consider a Web-based forum, where users all view messages posted by each other. Imagine a user who posts the following message:
<script>alert('Danger’)</script>
All users who view this post and have JavaScript enabled will execute this script as if it originated from the current Web site. Although this example is harmless ...
No credit card required