XSS attacks based on web sites

XSS (Cross Site Script) is short for cross-site scripting attack. To distinguish it from CSS (Cascading Style Sheets), it is called XSS in the security field.

An XSS attack usually refers to an attacker using HTML injection to tamper with a web page and insert a malicious script, so that when users browse the page, the attacker controls the behavior of the user's browser. When this kind of attack first appeared, all the demonstrated cases were cross-domain, hence the name "cross-site scripting". Today, given the complexity of Web front-end applications, whether the attack crosses sites is no longer important, but the name XSS has been retained.

With the rapid growth of Web development, JavaScript now covers both the front end and the back end, and even app development, so the scenarios in which XSS arises are more and more numerous and complex, and XSS is increasingly hard to treat in a uniform way. The consensus the industry has now reached is that XSS arising in different scenarios needs to be distinguished and handled differently. Even so, complex applications are still a breeding ground for XSS, especially at the many companies that practice rapid development, shipping a minor version every week and a major version every two weeks, while ignoring security as an important property. Once attacked, the consequences would be disastrous.

A platform-specific example:

A malicious third party on our website entered a piece of code as their name:

When any user of the system visits any page of the site on which that third party's name is displayed, the third party receives the page's information (everything on the page that can be seen after pressing F12).

Points from the related discussion:

The third party mentioned above can receive all the information on the page, which can be understood as all the page information that can be seen with F12.
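
The name-field case above, shown from the defending side as an added example (not code from the original post or from the platform it describes): the same stored name rendered by plain concatenation and by output encoding, plus a Content-Security-Policy header as a second layer. The function names, the `<td class="user-name">` markup and the sample names are assumptions constructed for illustration.

```javascript
// Added example: all names and sample values here are constructed for illustration.

// Characters that let text break out of an HTML text node or a quoted attribute.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for use as HTML text (single pass, so nothing is double-encoded).
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the stored name is concatenated into the markup as-is, so any
// tags in it become part of the page for every user who views it.
function renderNameUnsafe(name) {
  return '<td class="user-name">' + name + '</td>';
}

// Hardened: the stored name is encoded at output time and stays inert text.
function renderNameSafe(name) {
  return '<td class="user-name">' + escapeHtml(name) + '</td>';
}

// Defence in depth: a response header value that blocks inline scripts and
// limits where the page may load from or send data, if an encoding step is missed.
function cspHeader() {
  return ["default-src 'self'", "script-src 'self'", "connect-src 'self'", "form-action 'self'"].join('; ');
}

// Returns true when the cell content still contains a live tag.
function containsInjectedTag(markup) {
  const inner = markup.replace(/^<td class="user-name">/, '').replace(/<\/td>$/, '');
  return /<[a-zA-Z\/!]/.test(inner);
}

// Constructed sample "name" values: one ordinary, one containing markup.
const samples = ["O'Brien & Co", '<script>/* constructed placeholder */</script>'];
for (const name of samples) {
  const unsafe = renderNameUnsafe(name);
  const safe = renderNameSafe(name);
  console.log('unsafe:', unsafe, '-> live tag:', containsInjectedTag(unsafe));
  console.log('safe:  ', safe, '-> live tag:', containsInjectedTag(safe));
}
console.log('Content-Security-Policy:', cspHeader());
```

Encoding belongs at the point of output, for the context the value lands in; the function here covers HTML text and quoted attribute values only, not script, URL or CSS contexts.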

 


Origin www.cnblogs.com/zhuzhubaoya/p/11202642.html