From 32347286627f5d743af50cc9e1882f5056ea63eb Mon Sep 17 00:00:00 2001 From: wbamberg Date: Thu, 12 Dec 2024 22:15:15 -0800 Subject: [PATCH] Update files/en-us/web/security/attacks/xss/index.md Co-authored-by: Hamish Willee --- files/en-us/web/security/attacks/xss/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/security/attacks/xss/index.md b/files/en-us/web/security/attacks/xss/index.md index 820ffa63d70b96f..f7b05ca6d48995f 100644 --- a/files/en-us/web/security/attacks/xss/index.md +++ b/files/en-us/web/security/attacks/xss/index.md @@ -123,7 +123,7 @@ For example, consider a blog with comments. In a case like this, the website: 1. Allows anyone to submit comments using a {{htmlelement("form")}} element 2. Stores the comments in a database -3. Includes the comments in the that the website serves to other users. +3. Includes the comments in pages that the website serves to other users. If the comments are not sanitized, then they are potential vectors for XSS. This kind of attack is sometimes called _stored_ or _persistent_ XSS, and is particularly severe, because the infected content will be served to all users who access the page, every time they access it.