Which among the below are the best defences against XSS? Select 2 answers
-
Use HTTPS only cookie
-
Output Encoding
-
Data Validation
-
Use HTTPS protocol
B,C
Correct answer
Explanation
XSS defenses require preventing malicious script execution. Output encoding converts special characters to safe equivalents (e.g., < to <), blocking script injection. Data validation ensures input matches expected patterns before processing. HTTPS alone (options A and D) protects transmission but not XSS execution.