In this chapter we covered a whopping amount of information about XSS. Its large attack surface makes it difficult to defend against, but you now know the various OWASP rules for avoiding XSS flaws in your application. You should be able to identify the different attack points and know when to apply which encoding rules.
XSS is not the only attack vector on the client side. In the next chapter, we look at another one: CSRF (cross-site request forgery).
https://developer.mozilla.org/en-US/docs/Security/CSP/Using_Content_Security_Policy
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet