Cross-Site Scripting (XSS) Anti-Pattern

Severity: Critical

Summary

Cross-Site Scripting (XSS) occurs when applications include untrusted data in web pages without proper encoding, allowing attackers to inject malicious scripts that steal cookies, hijack sessions, or perform unauthorized actions. AI-generated code has an 86% XSS failure rate.

The Anti-Pattern

The anti-pattern is directly embedding user-controlled data into HTML content without context-aware encoding or sanitization.

1. Reflected XSS

User input reflects malicious scripts immediately in the web browser response.

BAD Code Example