Computerworld

XSS web attacks could live forever, researcher warns

Websites that accidentally distribute rogue code could find it harder to undo the damage if attackers exploit widespread browser support for HTML5 local storage and an increasing tendency for heavy ...
Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
Graham Cluley

WYSIWYG editors could be an avenue for XSS attacks, warns researcher

Many websites have a WYSIWYG editor. You may not even realise that you are using one, but – if you think about it – chances are that many of the sites that you visit allow you make forum posts, ...
Ars Technica

Help me understand cross-site scripting

I'm studying JavaScript for a class, and I'm stuck on understanding Cross-Site Scripting, what it is, and how to prevent it. Let me know if the concepts below are correct. Cross-site scripting ...