Which of the following is a countermeasure against XSS scripting?
A. Create an IP access list and restrict connections based on port number
B. Replace “<” and “>” characters with “&lt;” and “&gt;” using server scripts
D. Connect to the server using HTTPS protocol instead of HTTP
The correct answer is B.
Escaping the “<” and “>” characters with HTML entity encoding is the best countermeasure to prevent switching into any execution context, such as script, style, or event handlers.
Certified Ethical Hacker v9