An emerging breed of Web-based attacks is based on abusing trust by spoofing the origin of malicious information. The two most common examples of this style of attack are cross-site scripting (XSS) and cross-site request forgeries (CSRF).
Cross-site scripting is a style of attack that involves the injection of malicious code into a site that is trusted by the victim. As an example, consider a Web-based forum, where users all view messages posted by each other. Imagine a user who posts the following message:
Get HTTP Developer’s Handbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.