14 · Shipping & Collaboration

XSS

Cross-Site Scripting

An attack where hostile script runs in another user’s browser—often because untrusted HTML was rendered without escaping.

Concrete example

Echoing a raw comment field into the page can let an attacker steal a session cookie.

Why it matters

The frontend twin of SQL injection in agent-generated UI.