Cross-site scripting (XSS) attacks are one of the more insidious types of malicious activity on the Internet because customers of a legitimate website may become victims without any direct compromise of the website, and often even without the site operator’s knowledge. Defending against such attacks can be difficult, but a function incorporated into newer web browsers adds a significant defensive tool against XSS.
A quick review: an XSS attack occurs when an attacker is able to insert malicious content into a legitimate website’s pages. The goal is to use the legitimacy of the targeted site to deliver this malicious content to other visitors. The areas of a website most often targeted are discussion forums and comment sections, which are specifically intended to receive input from one visitor and display it to many others.