Glossary

Cross-site scripting (XSS)

Cross-site scripting (XSS) — a term used across the Credicorp developer documentation, defined here for engineers integrating the public /public/v1 API.


Attack type: injection
Defence: sanitise + escape

What it is

Cross-site scripting (XSS) is an attack where malicious script is injected into a page and runs in a victim’s browser. Untrusted HTML is the classic vector.

In the Credicorp API

To reduce XSS risk, the CMS endpoint sanitises its HTML before serving it. Because you are ultimately responsible for what renders on your page, still apply your framework’s escaping and a Content-Security-Policy. See HTML sanitisation.

Frequently asked questions

Does sanitisation alone stop XSS?

It removes the obvious vectors, but you should layer your own escaping and a Content-Security-Policy at render time. Defence in depth is the rule.
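
One way to layer escaping and a Content-Security-Policy at render time, as advised under "In the Credicorp API" and in the answer above. This is an added example, not Credicorp's code; the item shape (`title`, `bodyHtml`) and the function names are assumptions, since this page does not show the response schema.

```javascript
// Added example. Field names (title, bodyHtml) are assumed, not the API's schema.

// Escape untrusted text for an HTML element or quoted-attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Policy without 'unsafe-inline': inline <script> blocks and inline event
// handlers are refused by the browser, so markup that slipped past the
// sanitiser does not execute.
function buildCsp() {
  return [
    "default-src 'self'",
    "script-src 'self'",
    "object-src 'none'",
    "base-uri 'none'",
  ].join('; ');
}

// Plain-text fields are always escaped. Only the field that arrives as
// sanitised HTML is inserted as markup, and the CSP header backs it up.
function renderArticle(item) {
  const headers = {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': buildCsp(),
  };
  const title = escapeHtml(item.title);
  const body = `<!doctype html>
<html><head><title>${title}</title></head>
<body><h1>${title}</h1>
<article>${item.bodyHtml}</article>
</body></html>`;
  return { headers, body };
}

// Constructed sample item: markup in a text field must render as text.
const sample = {
  title: 'Rates <img src=x onerror=alert(1)> & fees',
  bodyHtml: '<p>Sanitised <strong>content</strong>.</p>',
};
```

Send `headers` with the response that carries `body`; the policy only has an effect when it is delivered alongside the page it protects.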
