Is jwt's token really safe?

what if the token of jwt exists and the localStorage, is obtained through a xss attack, so that cross-site forgery requests can be made to send illegal requests to the server? Or you can add another ase request to token. I don"t know much about jwt just now.

Dec.22,2021

The token generated by

jwt is not encrypted. Its function is to ensure the credibility of the data and prevent it from being tampered with. The security of token itself needs other technologies to ensure.
for example, cross-site attacks like you are worried can be prevented by cookie storing token . But there are other dangers with cookie , such as cross-site request forgery CSRF , so other security measures are needed to prevent CSRF , but if api needs CSRF , it will cause other problems.
can be ensured by adding encryption and more verification conditions.
these require you to know more about these security means, and then decide which to use according to your needs and costs.

TOKEN is added to HEADER and uses HTTPS to communicate. Is there any security risk?
location of JWT storage-Cookies and HTML5 Web storage

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e51cd6-2769c.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e51cd6-2769c.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?