<P> As an example, an attacker may post a message on www.example.com with the following link: </P>
<P> When another user clicks on this link, the browser executes the piece of code within the onclick attribute, thus replacing the string document.cookie with the list of cookies that are accessible from the current page. As a result, this list of cookies is sent to the attacker.com server. If the attacker's malicious posting is on an HTTPS website https://www.example.com, secure cookies will also be sent to attacker.com in plain text. </P>
<P> It is the responsibility of the website developers to filter out such malicious code. </P>
<P> Such attacks can be mitigated by using HttpOnly cookies. These cookies will not be accessible by client-side scripting languages like JavaScript, and therefore, the attacker will not be able to gather these cookies. </P>
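<P> The effect of the HttpOnly flag described above, as an added example that is not part of the original page: a simplified model (an assumption, not a full RFC 6265 implementation) of which cookies a page's script can read through document.cookie, plus an audit helper that lists cookies set without HttpOnly. The function names and the cookie names and values are constructed for illustration. </P>

```javascript
// Parse one Set-Cookie header value into its name, value and the two flags
// that matter here. Simplified: Domain, Path and expiry are ignored.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const flags = new Set(attrs.map((a) => a.split("=")[0].toLowerCase()));
  return {
    name: eq < 0 ? "" : pair.slice(0, eq),
    value: eq < 0 ? pair : pair.slice(eq + 1),
    httpOnly: flags.has("httponly"),
    secure: flags.has("secure"),
  };
}

// Model of the string document.cookie returns on a page loaded over the
// given scheme ("http" or "https").
function scriptVisibleCookies(setCookieHeaders, pageScheme) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => !c.httpOnly) // HttpOnly cookies are never exposed to script
    .filter((c) => !c.secure || pageScheme === "https") // Secure: HTTPS pages only
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Audit helper: names of cookies a server sets without HttpOnly.
function missingHttpOnly(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => !c.httpOnly)
    .map((c) => c.name);
}

// Constructed sample responses from www.example.com.
const weak = ["sessionid=abc123; Path=/; Secure", "theme=dark; Path=/"];
const hardened = ["sessionid=abc123; Path=/; Secure; HttpOnly", "theme=dark; Path=/"];

// On the HTTPS page, script can read the Secure session cookie unless it is
// also HttpOnly; the harmless preference cookie stays readable either way.
console.log("weak, https:    ", scriptVisibleCookies(weak, "https"));
console.log("hardened, https:", scriptVisibleCookies(hardened, "https"));
console.log("still missing HttpOnly:", missingHttpOnly(hardened));
```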

A system of computers that share information by means of links on web pages