Translations:Cross-site scripting/5/en


 * The URL points to your web app and includes JavaScript in the query string. The web app, due to poor escaping, injects the arbitrary JavaScript into the page that gets shown to the user.