A cross-site scripting (XSS) attack allows hackers to inject malicious client-side scripts into web applications. Once the script is injected into a trusted website, it runs with that site's privileges and can access the user's sensitive information, such as cookies and the content of the page.
To guard our Express applications against this type of attack, we should employ the following techniques:
We should always try to validate data sent by users before processing it. In some situations, we can validate it against a list of known values, but this isn't always possible.
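An added example (not from the original article) of validating query parameters against known values, with a format check for a field where no fixed list exists. The parameter names, allowed values, and the `validateQuery` and `requireValidQuery` helpers are assumptions for illustration.

```javascript
// Added example: allowlist validation written as Express-style middleware.
// Field names and allowed values are assumptions, not taken from the article.
const RULES = {
  sort: { oneOf: ['asc', 'desc'] },               // closed set: compare against known values
  lang: { oneOf: ['en', 'de', 'pl'] },
  username: { pattern: /^[A-Za-z0-9_]{3,20}$/ },  // open set: constrain the format instead
};

// Returns a list of error strings; an empty list means the input is acceptable.
function validateQuery(query, rules = RULES) {
  const errors = [];
  for (const [key, rule] of Object.entries(rules)) {
    const value = query[key];
    if (value === undefined) continue;            // optional parameter not supplied
    // Express can parse repeated or bracketed parameters (?sort=a&sort=b) into
    // arrays or objects, so check the type before any string comparison.
    if (typeof value !== 'string') {
      errors.push(`${key}: must be a single string`);
    } else if (rule.oneOf && !rule.oneOf.includes(value)) {
      errors.push(`${key}: not an allowed value`);
    } else if (rule.pattern && !rule.pattern.test(value)) {
      errors.push(`${key}: invalid format`);
    }
  }
  return errors;
}

// Middleware form, used as: app.get('/users', requireValidQuery(), handler)
function requireValidQuery(rules = RULES) {
  return (req, res, next) => {
    const errors = validateQuery(req.query, rules);
    if (errors.length > 0) {
      // The messages contain only rule names, never the submitted value.
      return res.status(400).json({ errors });
    }
    next();
  };
}

// Constructed sample inputs, shaped like Express's req.query.
console.log(validateQuery({ sort: 'asc', username: 'alice_01' }));
console.log(validateQuery({ sort: '<script>alert(1)</script>' }));
console.log(validateQuery({ sort: ['asc', 'desc'] }));
```

Validation like this narrows what reaches the handler; values that are later written into HTML still need output encoding.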
A handy module to do validation ...