define XSS on first use

oauth-wg · Sep 13, 2022 · da83b0d · da83b0d
1 parent b49f414
commit da83b0d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/draft-ietf-oauth-browser-based-apps.md b/draft-ietf-oauth-browser-based-apps.md
@@ -247,7 +247,7 @@ the application, authorization server and resource server share a domain, then i
 unnecessary to use a redirect mechanism to communicate between them.
 
 An additional concern with handling access tokens in a browser is that
-in case of successful XSS attack, tokens could be read and further used or transmitted by the injected code if no
+in case of successful cross-site scripting (XSS) attack, tokens could be read and further used or transmitted by the injected code if no
 secure storage mechanism is in place.
 
 As such, it could be considered to use an HTTP-only cookie between the JavaScript application