More and more applications are developing from desktop to networking in present WEB2.0 era. The content of the network gradually shifts from the original static hyperlink to a series of variegated applications including electronic commerce, electronic mailing, game recreation, digital media, which all can be loaded onto the browser. However, with the constant development of browser platform many hidden dangers concerning safety have arisen. For instance, a series of hacker methods such as Xss, xsrf (cross-site request forgery), DNS have become hidden threats to internet users. Hackers could steal users' personal information by utilizing malicious code or through phishing site, which may cause great economic loss. This paper aims to analyse Xss(cross site scripting) attack, and comes up with a new framework to solve this increasingly apparent safety problem.