9 Jul 2016 Cross-site scripting (XSS) is a code injection attack that allows an in order to get the website to deliver the malicious JavaScript for him. However, since the user input is included directly, an attacker could submit this comment: "