What is cross-site scripting (XSS) and how can I prevent it?
- Cross-Site Scripting (XSS) is an attack in which malicious code is injected into a website or application.
- To stop an XSS attack, developers should:
- Validate user input using input filtering
- Encode output using HTML entities and character references
- Use a Content Security Policy (CSP)
