Content Transformation
Input Validation | Output Encoding | Built-in browser APIs | encodeURI | encodeURIComponent
escape | decodeURI
Content Filtering
Web Application Firewalls | Request filtering | ModSecurity | Browser-based XSS Filters | Pattern matching
Content Restriction
Code Filtering | Content Security Policy | HttpOnly cookies | Trusted Types | Content sanitization
HTML Sanitizers | DOMPurify | Google Caja | Edge’s XSS filter
Taint Tracking
In-browser Monitoring