312-50V11 · Question #512
Which of the following is the BEST approach to prevent Cross-site Scripting (XSS) flaws?
The correct answer is D. Validate and escape all information sent to a server.. XSS is prevented by validating and escaping all user-supplied data before it is processed or rendered, neutralizing injected scripts.
Question
Which of the following is the BEST approach to prevent Cross-site Scripting (XSS) flaws?
Options
- AUse digital certificates to authenticate a server prior to sending data.
- BVerify access right before allowing access to protected information and UI controls.
- CVerify access right before allowing access to protected information and UI controls.
- DValidate and escape all information sent to a server.
How the community answered
(46 responses)- A7% (3)
- B11% (5)
- C2% (1)
- D80% (37)
Why each option
XSS is prevented by validating and escaping all user-supplied data before it is processed or rendered, neutralizing injected scripts.
Digital certificates secure server authentication and encrypt transport via TLS, but do not prevent XSS, which exploits how a server processes and reflects user input back to the browser.
Verifying access rights is an authorization control that governs what authenticated users may access, but does not sanitize user input or prevent script injection into web pages.
Checking access rights before exposing UI controls addresses authorization, not the injection of malicious client-side scripts caused by unescaped user input.
XSS attacks occur when untrusted input is sent to a browser without proper sanitization, allowing malicious scripts to execute in the victim's session. Validating input on the server side and HTML-escaping output ensures user-supplied content is treated as plain text rather than executable code, which is the primary mitigation strategy recommended by OWASP.
Concept tested: Cross-site scripting prevention via input validation and escaping
Source: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
Topics
Community Discussion
No community discussion yet for this question.