
How is XSS different from CSRF?
Someone asked me this question, I gave him some answers but he did not seem satisfied, I hope this makes him satisfied. Cross-site request forgery and Cross-site scripting are both client side attacks which performs action on behalf of users. Just some context here - Cross-site scripting (or XSS) allows an attacker to execute arbitrary JavaScript within the browser of a victim user. The attack happen because of the acceptance of the malicious code by the sites....