How well do YOU know XSS and how to defend against it? Let's give that a test!
Input Validation
Output Encoding
Cryptographic Tokens
Rate Throttling
File upload input
Validating a username
HTML Sanitization
Validating untrusted JSON
Validating a user's age
innerHTML
eval()
alert()
setTimeout()
text()
All of the above
JSON parsing plugin
JavaScript: JSON.parse
JavaScript: eval()
JavaScript: innerHTML()
Server-side outbound JSON validation
Detecting attacks and rejecting them.
Setting a policy for good input and rejecting everything else.
Setting a policy for bad input and logging them.
None of the above
Content Transport Policy
Strict Content Policy
Content Security Policy
Content Policy Security