question about cross site scripting

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Example of a cross site scripting
HREF= =<SCRIPT>malicious
code</SCRIPT>>Click here</A>

fine the script is malicious, but it is web servers' responsibility for
such a script is being hosted by web server.

Also the script could also be hosted at another web server, but in this
scenario also it is the legitimate site's responsibility to make sure
that all content hosted or content being referenced from other third
party websites is checked.

Please let me know if my understanding of the above two scenarios is

Site Timeline