This can be done via a function such as: It is the process of converting untrusted . At a basic level XSS works by tricking your application into inserting a