CISSP · Question #909
Which of the following is the MOST effective method to mitigate Cross-Site Scripting (XSS) attacks?
The correct answer is B. Whitelist input validation. Whitelist input validation only allows explicitly permitted characters, formats, or patterns (for example, "only digits and hyphens" for a phone field), which greatly reduces the chance that malicious script can be injected in the first place. In contrast, blacklist‑style checks
Question
Options
- AUse Software as a Service (SaaS)
- BWhitelist input validation
- CRequire client certificates
- DValidate data output
How the community answered
(61 responses)- A8% (5)
- B77% (47)
- C11% (7)
- D3% (2)
Explanation
Whitelist input validation only allows explicitly permitted characters, formats, or patterns (for example, "only digits and hyphens" for a phone field), which greatly reduces the chance that malicious script can be injected in the first place. In contrast, blacklist‑style checks (blocking known "bad" strings) are easier to bypass, so whitelisting is considered a stronger, more secure approach for XSS and similar injection flaws.
Topics
Community Discussion
No community discussion yet for this question.