diff --git a/_site/2020/04/25/xss.html b/_site/2020/04/25/xss.html index 405c1d0..ee9f2ab 100644 --- a/_site/2020/04/25/xss.html +++ b/_site/2020/04/25/xss.html @@ -98,7 +98,8 @@ Internally this would be something like &lt; but they would show up to a user as <.

When inputs are not properly sanitized and the input is shown to the user in another part of the website, -then a malicous user can type in HTML that will run whenever anybody tries to look at what they typed.

+then a malicous user can type in HTML that will run whenever anybody tries to look at what they typed. +For example: a name for a quiz website (input) and the leaderboard for said quiz (display).

HTML, by itself is not very dangerous. The worst thing you could do is probably put a link on your name, diff --git a/_site/feed.xml b/_site/feed.xml index 7dd7111..3ce28c2 100644 --- a/_site/feed.xml +++ b/_site/feed.xml @@ -1,4 +1,4 @@ -Jekyll2020-04-25T12:49:41+00:00http://localhost:4000/feed.xmlWhat is XSS?2020-04-25T00:00:00+00:002020-04-25T00:00:00+00:00http://localhost:4000/2020/04/25/xss<p>I found a cross-site scripting (XSS) attack +Jekyll2020-04-25T13:05:38+00:00http://localhost:4000/feed.xmlWhat is XSS?2020-04-25T00:00:00+00:002020-04-25T00:00:00+00:00http://localhost:4000/2020/04/25/xss<p>I found a cross-site scripting (XSS) attack in a well-known quiz hosting website. I disclosed the vulnerability to them years ago, so I thought now might be a good time to write about it.</p> @@ -66,7 +66,8 @@ Internally this would be something like <code class="highlighter-rouge&q but they would show up to a user as <code class="highlighter-rouge">&lt;</code>.</p> <p>When inputs are not properly sanitized <em>and</em> the input is shown to the user in another part of the website, -then a malicous user can type in HTML that will run whenever anybody tries to look at what they typed.</p> +then a malicous user can type in HTML that will run whenever anybody tries to look at what they typed. +For example: a name for a quiz website (input) and the leaderboard for said quiz (display).</p> <p>HTML, by itself is not very dangerous. The worst thing you could do is probably put a link on your name,
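Review bot: in the `_site/2020/04/25/xss.html` hunk (`@@ -98,7 +98,8 @@`), the re-added line keeps the misspelling "malicous" in "then a malicous user can type in HTML"; since the line is being rewritten anyway, correct it to "malicious" at the same time. The new sentence "For example: a name for a quiz website (input) and the leaderboard for said quiz (display)." would also read better as a full sentence, e.g. "For example, the input could be a player's name on a quiz website and the display could be that quiz's leaderboard."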
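Review bot: the first `_site/feed.xml` hunk (`@@ -1,4 +1,4 @@`) changes only the Jekyll build timestamp (`2020-04-25T12:49:41+00:00` to `2020-04-25T13:05:38+00:00`) and carries `http://localhost:4000/feed.xml` as the feed URL, which shows the file is generated output from a local development build. Tracking `_site/` in git produces this kind of churn on every rebuild and can publish localhost links; consider making the edit in the post source under `_posts/` and adding `_site/` to `.gitignore`, letting the deployment build regenerate the feed.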
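Review bot: the second `_site/feed.xml` hunk (`@@ -66,7 +66,8 @@`) repeats the same "malicous" typo as the HTML hunk, because the same prose is being patched by hand in two generated files. Fixing the typo once in the Markdown source and rebuilding would keep `xss.html` and `feed.xml` consistent without editing each copy separately.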