Brain extension

Frontend security: XSS, trust boundaries, and a demo you can run

How XSS reaches the DOM, which browser APIs are sinks, and mitigations that hold in production—sanitization, CSP, cookies, and CSRF pairing.