The second means by which we can differentiate XSS types is by the location. The detection methods and defensive countermeasures can vary greatly based on which end of the connection was attacked: the client or server:
- Server XSS attacks can happen when a server is guilty of delivering malicious content as a part of its responses to client requests, because it was not adequately filtered or validated when it was originally input by another client, usually the attacking host. These attacks can be difficult for the client because the server bundles the attack with its HTML, and the client's browser is unable to differentiate the modified behavior of the server and therefore renders it faithfully, trusting ...