|
|
@@ -15,7 +15,7 @@ Cross site scripting (XSS) protection
|
|
|
XSS attacks allow a user to inject client side scripts into the browsers of
|
|
|
other users. This is usually achieved by storing the malicious scripts in the
|
|
|
database where it will be retrieved and displayed to other users, or by getting
|
|
|
-users to click a link which will cause the attacker's javascript to be executred
|
|
|
+users to click a link which will cause the attacker's javascript to be executed
|
|
|
by the user's browser. However, XSS attacks can originate from any untrusted
|
|
|
source of data, such as cookies or web services, whenever the data is not
|
|
|
sufficiently sanitized before including in a page.
|
Jannis Leidel