Share on :
before putting data from user into an HTML page it must be first escaped using HTML entity encoding
htmlspecialchars(USER_INPUT)
import html
html.escape(USER_UNPUT)
WIP
any user supplied data should be escaped before embedding it into JavaScript value
json_encode(USER_INPUT)
import django.utils.html as html
html.escapejs(USER_INPUT)
in this section we will mention how to utilize the client side XSS defense mechanism
sending the following header with value 1 will activate browser
X-XSS-Protection: 1
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware.