Cross site scripting attacks and same origin policy

Question

I am familiar with the persistent and non-persistent XSS. I also know about Same origin policy that prevents/restricts requests originating from one websites page to go to anoth

Answer 1

SOP typically cannot prevent either XSS or CSRF.

For XSS, jakber's answer already provides a good explanation. I just want to add that the reason to call this vulnerability "cross-site" is because the attacker can inject code (e.g.