How do you stop XSS?

There are several things I recommend doing as a developer to try to stop XSS from occurring:

  • Filter dangerous characters, like the ones listed above.
  • Convert every character that is not a letter or a number into its HTML entity before displaying user input in search scripts and forums.
  • Develop signing scripts, using private and public keys, that check that all scripting on the page is authenticated before it runs.
  • Make sure that the pages in the Web site or web application return user inputs only after checking them for any potentially malicious code.