# Cross-site Scripting

> Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec up until 2007.
>
> *Wikipedia ([https://en.wikipedia.org/wiki/Cross-site_scripting](https://en.wikipedia.org/wiki/Cross-site_scripting))*

## Escaping text

{% hint style="warning" %}
**You should not use this function for database queries.**

It is not designed for use with databases. Please use [databasemanager](https://docs.saturncms.net/1.0.0/dev/libraries-and-functions/databasemanager "mention") for escaping database queries.
{% endhint %}

There are two ways to escape text in Saturn: the XSS library's `Escape()` function, or the Saturn Core `Out()` function.

{% code title="XSS Library" %}

```php
use Saturn\SecurityManager\XSS;

// Create the XSS helper, then escape the untrusted value before output.
$XSS = new XSS();

$XSS->Escape($Data);
```

{% endcode %}

{% code title="Saturn Core" %}

```php
Out($Data);
```

{% endcode %}

The Saturn Core function uses the XSS library's function, so it's often easier to just use `Out()` instead.
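
The warning above separates output escaping from database handling. The following added example (not Saturn's own code) shows that split: the raw value is stored through a bound parameter and HTML-escaped only when it is written into the page. `escape_html()` is a hypothetical stand-in built on PHP's `htmlspecialchars()`, not Saturn's `Escape()`, and PDO with in-memory SQLite stands in for the database layer.

```php
<?php
// Added illustration; escape_html() is a hypothetical stand-in, not Saturn's Escape().
function escape_html(string $data): string
{
    // ENT_QUOTES encodes both quote styles so the result is also safe inside
    // a quoted attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
    // returning an empty string.
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input, as it might arrive from a comment form.
$name    = "O'Brien";
$comment = '<script>alert(1)</script>';

// Database layer: store the raw value through a bound parameter.
// HTML escaping plays no part here.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (author TEXT, body TEXT)');
$stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (?, ?)');
$stmt->execute([$name, $comment]);

// Output layer: escape once, at the moment the value is written into HTML.
$row = $db->query('SELECT author, body FROM comments')->fetch(PDO::FETCH_ASSOC);
echo '<p title="' . escape_html($row['author']) . '">'
   . escape_html($row['body']) . "</p>\n";

// Escaping before storage and again on output double-encodes the text,
// which is one reason the stored copy stays raw.
echo escape_html(escape_html($name)) . "\n";
```

The markup characters in the comment body are emitted as entities, so the browser renders them as text, while the stored row keeps the original characters for any other consumer of the data.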
