Sanitize Input for Reflected/Stored XSS
There’s a reason why XSS vulnerabilities are so common in the wild: they’re difficult to get rid of. Sanitizing sounds simple in principle, but escaping and disallowing characters can get complicated quickly. Let’s look at various rules from the OWASP XSS Prevention Cheat Sheet, which you should keep in mind when building your site.
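As an added illustration of why "just escape it" is not one rule but several, the snippet below (example code written for this page, not the cheat sheet's own or any library's) implements the context-specific encoders that the OWASP cheat sheet prescribes for three output contexts: HTML element content, a quoted HTML attribute value, and a JavaScript string literal. The function names, the `renderProfile` page fragment and the probe string are constructed for the example. The point it demonstrates is that one untrusted value reaching three slots on the same page needs three different encoders, and that the attribute and JavaScript encoders deliberately encode far more than the HTML one.

```javascript
// Context-aware output encoding (added example, not code from the page or
// from OWASP). Each function is correct for exactly ONE output context;
// applying the HTML encoder inside an attribute or a <script> block is the
// mistake that leaves reflected/stored XSS in place.

// HTML element content: entity-encode the characters that can start or
// end markup (& < > " ' /).
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '/': '&#x2F;',
};

function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"'/]/g, (ch) => HTML_ENTITIES[ch]);
}

// HTML attribute value: encode everything except [A-Za-z0-9] as &#xHH;.
// Combined with always quoting the attribute, the value cannot close the
// quote or introduce a new attribute such as an event handler.
function escapeAttribute(untrusted) {
  return String(untrusted).replace(/[^A-Za-z0-9]/g, (ch) => {
    const code = ch.charCodeAt(0);
    return '&#x' + code.toString(16).toUpperCase() + ';';
  });
}

// JavaScript string literal: encode non-alphanumerics as \xHH (or \uHHHH
// beyond 0xFF) so the data can never terminate the quote, the statement
// or the enclosing <script> element.
function escapeJsString(untrusted) {
  return String(untrusted).replace(/[^A-Za-z0-9]/g, (ch) => {
    const code = ch.charCodeAt(0);
    return code < 256
      ? '\\x' + code.toString(16).toUpperCase().padStart(2, '0')
      : '\\u' + code.toString(16).toUpperCase().padStart(4, '0');
  });
}

// One user-controlled value rendered into three slots of the same page.
// Hypothetical page fragment, constructed for the example.
function renderProfile(displayName) {
  return [
    `<p>Hello, ${escapeHtml(displayName)}</p>`,
    `<input value="${escapeAttribute(displayName)}">`,
    `<script>var name = '${escapeJsString(displayName)}';</script>`,
  ].join('\n');
}

// Constructed probe: would close the attribute / tag / string if the wrong
// encoder (or none) were applied in any of the three slots.
const SAMPLE = '"><img src=x onerror=alert(1)>';

if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderProfile(SAMPLE));
}
```

When reading the rendered output, check two things: no `<` survives unencoded anywhere, and the only double quotes left on the page are the two that the template itself placed around the attribute value. If either check fails, a value has reached a context whose encoder was not applied.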