Anything you can do XSS can do better
Cross Site Scripting (XSS) is the number one vulnerability in Drupal code¹ and one of the scariest forms of exploits, because anything you can do XSS can do better².
More serious than <script>alert('xss')</script>
Read the rest of Anything you can do XSS can do better
This page is kept so the comments posted here are available since they provide additional help and insights.