ABSTRACT
CERT advisory, the most useful portion of it was buried in
a hyperlink at the end-https://www.cert.org/tech_tips/
malicious_code_mitigation.html. The article, entitled
“Understanding Malicious Content Mitigation for Web
Developers,” described a variety of issues associated with
unvalidated user input. Moreover, it went into extensive
detail on how to preclude XSS attacks by making the
following recommendations:
The character encoding for every Web page should be explicitly set by using the HTTP “charset” parameter.