xss attack, often referred to "HTML injection" tampered with the page, insert malicious script to control an attack web browser when browsing the web.
xss Category:
1. reflective XSS (non-persistent type XSS)
The user input data "reflected" to the browser. (Entice users to click on a malicious link before a successful attack)
2. Storage type xss
Data input by the user "stored" on the server side, has a strong stability.
Such as blog articles contain malicious JS code was published, all access to the blog of the user's browser perform this malicious code, save malicious script to the server.
3.DOM Based XSS
In effect also said reflective xss, XSS formed by modifying the DOM node of the page.