Validating rich text field
To do so, she writes a script designed to run from other people's browsers when they visit her profile.
The script then sends a quick message to her own server, which collects this information.
Some sources further divide these two groups into traditional (caused by server-side code flaws) and DOM-based (in client-side code).
There is no single, standardized classification of cross-site scripting flaws, but most experts distinguish between at least two primary flavors of XSS flaws: non-persistent and persistent.
A reflected attack is typically delivered via email or a neutral web site.