From 6f2c62e59b33ce7f03b10845fc67db9a7e5e389c Mon Sep 17 00:00:00 2001 From: wbamberg Date: Fri, 18 Oct 2024 13:55:41 -0700 Subject: [PATCH] Update files/en-us/web/http/csp/index.md Co-authored-by: Hamish Willee --- files/en-us/web/http/csp/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/http/csp/index.md b/files/en-us/web/http/csp/index.md index 33e5a1d8b3216bd..89389734a446056 100644 --- a/files/en-us/web/http/csp/index.md +++ b/files/en-us/web/http/csp/index.md @@ -59,7 +59,7 @@ A cross-site scripting (XSS) attack is one in which an attacker is able to execu An XSS attack is possible when a website accepts some input which might have been crafted by an attacker (for example, URL parameters, or a comment on a blog post) and then includes it in the page without _sanitizing_ it: that is, without ensuring that it can't be executed as JavaScript. -Websites should protect themselves against XSS by sanitizing this input before including it in the page. A CSP provides a complementary protection, which should protect the website even if sanitization fails. +Websites should protect themselves against XSS by sanitizing this input before including it in the page. A CSP provides a complementary protection, which can protect the website even if sanitization fails. If sanitization does fail, there are various forms the injected malicious code can take in the document, including:
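Review bot: In the added line, "can protect the website even if sanitization fails" does not tell the reader what the protection depends on. Softening "should" to "can" is accurate, since a CSP only helps when the policy actually restricts the injected code, but the sentence would be clearer if it said so, for example "which can protect the website even if sanitization fails, depending on how the policy is configured". The phrase "a complementary protection, which can protect" also repeats itself; "a complementary defense" would read better. Finally, the commit subject is the default "Update files/en-us/web/http/csp/index.md" and says nothing about the wording change; a subject that names the change from "should protect" to "can protect" would make the history easier to search.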