diff --git a/_posts/2020-04-25-xss.md b/_posts/2020-04-25-xss.md index 65aa2ac..a787914 100644 --- a/_posts/2020-04-25-xss.md +++ b/_posts/2020-04-25-xss.md @@ -72,6 +72,7 @@ but they would show up to a user as `<`. When inputs are not properly sanitized *and* the input is shown to the user in another part of the website, then a malicous user can type in HTML that will run whenever anybody tries to look at what they typed. +For example: a name for a quiz website (input) and the leaderboard for said quiz (display). HTML, by itself is not very dangerous. The worst thing you could do is probably put a link on your name,
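Review bot: The added sentence "For example: a name for a quiz website (input) and the leaderboard for said quiz (display)." reads as a fragment and the colon is doing the work of a verb; suggest a full sentence that names both halves of the flow the paragraph describes, e.g. "For example, the name a player enters on a quiz website (the input) is later rendered on that quiz's leaderboard (the display)." While touching this paragraph, the unchanged context line just above it has the typo "malicous" (should be "malicious"), and the following line "HTML, by itself is not very dangerous" is missing the closing comma after "itself". Since the preceding context explains that `&lt;` shows up to the user as `<`, the paragraph's point is about output encoding at the display step, not only input sanitization, so "not properly sanitized" could be tightened to "not properly sanitized on input or encoded on output" to match the example being added.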