XSS Protection (Wix)

Understanding security boundaries with embeds and code.

Cross-site scripting (XSS) is a common web vulnerability. Wix’s platform limits risky script injection by design, but you should still treat embeds, HTML iframes, and custom code carefully. Sanitize user input in Velo, validate parameters, and avoid exposing sensitive data in the frontend. Security is a shared responsibility: Wix provides infrastructure; you keep custom logic safe.