Hi everyone, I'm new to web programming, and have only run my server-side code from an IDE so far. I stumbled onto the topic of XSS and I just wanted to make sure I got the concept right. So the gist of it is that, like a SQL injection, if I send form data with code inside of it I can change the behavior of a servlet and access information I am normally not allowed to see? It's caused by using variables in the out.println() argument instead of strings? Is this accurate? Thanks.
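
The `out.println()` pattern the question asks about, as an added example that is not part of the original post: the same form value written into an HTML response once unencoded and once HTML-encoded. It assumes a `PrintWriter` over a `StringWriter` standing in for the servlet response writer and a `name` argument standing in for `request.getParameter("name")`; the class, method names and input values are constructed for illustration.

```java
import java.io.PrintWriter;
import java.io.StringWriter;

// Added example: stands in for a servlet's doPost() without needing the servlet API.
// "name" plays the role of request.getParameter("name"); all values are constructed.
public class XssOutputDemo {

    // Vulnerable: the form value is concatenated into the HTML response as-is.
    static void greetUnsafe(PrintWriter out, String name) {
        out.println("<p>Hello, " + name + "</p>");
    }

    // Hardened: the value is HTML-encoded for an element-body context before output.
    static void greetSafe(PrintWriter out, String name) {
        out.println("<p>Hello, " + escapeHtml(name) + "</p>");
    }

    // Minimal encoder for HTML text and quoted attribute values.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Renders the response body the browser would receive for a given form value.
    static String render(boolean safe, String name) {
        StringWriter body = new StringWriter();
        PrintWriter out = new PrintWriter(body);
        if (safe) greetSafe(out, name); else greetUnsafe(out, name);
        out.flush();
        return body.toString().trim();
    }

    public static void main(String[] args) {
        String markup = "<script>alert(1)</script>"; // constructed test input
        System.out.println(render(false, "Alice"));  // ordinary value, harmless either way
        System.out.println(render(false, markup));   // a browser parses this as a script element
        System.out.println(render(true, markup));    // a browser displays this as literal text
    }
}
```

The servlet's own logic is identical in both cases; what changes is how the receiving browser interprets the returned page. In a real application a maintained encoder such as the OWASP Java Encoder (`Encode.forHtml`) is preferable to a hand-written one.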