Which of the following are countermeasures for XSS
- Releasing Resources after use
- Input Validation
- Running with least privilege
- URL based access control
- Output Encoding
-
1 and 4
-
2 and 4
-
2 and 5
-
3 and 5
C
Correct answer
Explanation
Cross-site scripting (XSS) attacks exploit insufficient output encoding and input validation. Input validation (2) helps reject malicious input patterns, and output encoding (5) ensures user-supplied data is safely rendered (e.g., escaping < to <). Least privilege (3) and releasing resources (1) are general security practices but don't specifically prevent XSS. URL-based access control (4) is for authorization, not XSS.