Portswigger Blog Post about Cross Site Scripting

https://portswigger.net/web-security/cross-site-scripting

Mozilla’s summary of Same Origin Policy

https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy