Multiple choice technology security

Which of the following are countermeasures for XSS

  1. Releasing Resources after use
  2. Input Validation
  3. Running with least privilege
  4. URL based access control
  5. Output Encoding

  1. 1 and 4

  2. 2 and 4

  3. 2 and 5

  4. 3 and 5

Reveal answer Fill a bubble to check yourself
C Correct answer
Explanation

Cross-site scripting (XSS) attacks exploit insufficient output encoding and input validation. Input validation (2) helps reject malicious input patterns, and output encoding (5) ensures user-supplied data is safely rendered (e.g., escaping < to <). Least privilege (3) and releasing resources (1) are general security practices but don't specifically prevent XSS. URL-based access control (4) is for authorization, not XSS.