It would be nice to be able to publish Web applications and sites without worrying about them being hacked, but it is not realistic. It's a jungle out there on the Internet, and unless you take serious precautions, your site is bound to become compromised sooner or later.
To make things more challenging, the security of an application is like a chain: it's only as strong as its weakest link. Covering the subject of securing a Web server is well beyond the scope of this book. If you are not familiar with the process, hosting companies and plans are available that will take care of this for you. What they cannot do, though, is guarantee that your application is secure as well. As a developer, you are responsible for application-level security, and this section should help you make more conscious choices in this regard.
Cross-site scripting (XSS) attacks take advantage of vulnerabilities in a Web application to inject malicious code that will be executed when other users view the page.
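
The difference between a page that is open to this kind of injection and one that is not, shown as an added example that is not from the book: a hypothetical comment renderer in JavaScript that first concatenates user input into HTML, then encodes each field for the context it lands in. All function names and the sample comment are constructed for illustration.

```javascript
// Added example; every name below is hypothetical, not from the book.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that can change HTML structure in element
// content or inside a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Encoding alone does not neutralize script-bearing URL schemes, so a
// link target must also pass a scheme allow-list (absolute http/https).
function safeHref(url) {
  try {
    const parsed = new URL(String(url));
    return ['http:', 'https:'].includes(parsed.protocol) ? parsed.href : '#';
  } catch {
    return '#'; // not an absolute URL
  }
}

// Vulnerable: user-controlled fields are concatenated into markup as-is,
// so whatever one user stored is parsed as HTML in every viewer's browser.
function renderCommentUnsafe(c) {
  return `<li><a href="${c.site}">${c.author}</a>: ${c.body}</li>`;
}

// Hardened: each field is validated and encoded for its output context.
function renderCommentSafe(c) {
  const href = escapeHtml(safeHref(c.site));
  return `<li><a href="${href}">${escapeHtml(c.author)}</a>: ${escapeHtml(c.body)}</li>`;
}

// Constructed sample input: a comment stored by one user, shown to others.
const sampleComment = {
  author: 'Mallory "M"',
  site: 'javascript:alert(1)',
  body: '<script>alert(1)</script>',
};

console.log(renderCommentUnsafe(sampleComment)); // markup survives intact
console.log(renderCommentSafe(sampleComment));   // markup is rendered as text
```

The hardened renderer treats the link separately because a URL attribute needs scheme validation in addition to character encoding.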