XSS mitigations

  • Never trust user input.

  • Minimise the use of user input.

  • Escape, filter, and validate any untrusted input at both the client and server so that potentially dangerous characters, text, or code are removed (or rendered benign).