define XSS on first use

aaronpk · aaronpk · commit da83b0d219c4 · 2022-09-13T10:05:32.000-07:00
diff --git a/draft-ietf-oauth-browser-based-apps.md b/draft-ietf-oauth-browser-based-apps.md
@@ -247,7 +247,7 @@ the application, authorization server and resource server share a domain, then i
 unnecessary to use a redirect mechanism to communicate between them.
 
 An additional concern with handling access tokens in a browser is that
-in case of successful XSS attack, tokens could be read and further used or transmitted by the injected code if no
+in case of successful cross-site scripting (XSS) attack, tokens could be read and further used or transmitted by the injected code if no
 secure storage mechanism is in place.
 
 As such, it could be considered to use an HTTP-only cookie between the JavaScript application
