One of the most common classes of vulnerability in websites is called Cross-Site Scripting or XSS.
An XSS vulnerability exists where a user is able to cause JavaScript to be executed.
There are a number of different variants of XSS vulnerability, with varying degrees of severity.
The possible impact includes redirecting victims to external websites, stealing authentication tokens, and monitoring payment details.
This is called DOM-based XSS as it stays in the JavaScript Document Object Model, or DOM.
The correct solution is to use HTML entities to encode user-submitted data.
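To make the encoding step concrete, the following added example (not code from the original page) renders the same user-submitted values with and without HTML entity encoding. The function names, the comment template and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example. Function names and sample inputs are constructed for illustration.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode each character that can change the HTML parsing context.
// One pass over the input, so "&" is never encoded twice.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable: user-submitted data is concatenated into the markup unchanged.
function renderCommentUnsafe(author, body) {
  return `<div class="comment" title="${author}">${body}</div>`;
}

// Hardened: every user-submitted value is encoded at the point of output.
function renderCommentSafe(author, body) {
  return `<div class="comment" title="${encodeHtml(author)}">${encodeHtml(body)}</div>`;
}

// Count the characters that open tags or delimit attributes. The template
// itself contributes exactly 2 "<" and 4 '"'; anything more came from user data.
function structuralChars(html) {
  return {
    lt: (html.match(/</g) || []).length,
    quote: (html.match(/"/g) || []).length,
  };
}

// Constructed sample input: one value aimed at the attribute, one at the body.
const SAMPLE_AUTHOR = 'x" onmouseover="alert(1)';
const SAMPLE_BODY = "<script>alert(1)</script> Tom & Jerry";

for (const render of [renderCommentUnsafe, renderCommentSafe]) {
  const html = render(SAMPLE_AUTHOR, SAMPLE_BODY);
  console.log(render.name, structuralChars(html), html);
}
```

Entity encoding as shown covers HTML element content and quoted attribute values; data placed inside a script block or a URL needs the encoding for that context instead.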