
Prevent XSS

22 Controls
Preventing Cross-Site Scripting (XSS)

XSS allows attackers to execute malicious scripts in the victim's browser.

  • Context-aware output encoding (HTML, attributes, JS, CSS)
  • Use modern frontend frameworks (React, Angular) that auto-escape by default
  • Implement a strict Content Security Policy (CSP)
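
The first and third controls applied to a single untrusted value, as an added example that is not code from this page: one encoder per output context (HTML body, quoted attribute, inline JavaScript string) plus a nonce-based CSP header. The function names, the sample input and the nonce value are constructed for illustration; a real nonce is generated fresh for every response from a cryptographic random source.

```javascript
// Added example. All names and sample values here are constructed for illustration.

// HTML element content: encode the five characters that can start markup or entities.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Quoted HTML attribute value: hex-entity-encode every non-alphanumeric code point.
function encodeAttr(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu, (c) => `&#x${c.codePointAt(0).toString(16)};`);
}

// JavaScript string literal inside an inline <script>: \uXXXX-escape every
// non-alphanumeric UTF-16 unit, so quotes, backslashes and "</script>" stay inert.
function encodeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Strict CSP: only same-origin scripts and inline scripts carrying this response's nonce.
function buildCsp(nonce) {
  if (!/^[A-Za-z0-9+\/_=-]+$/.test(nonce)) throw new Error('nonce must be base64');
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'none'",
  ].join('; ');
}

// The same untrusted value placed in three contexts, each with its own encoder.
function renderProfile(name, nonce) {
  return `<p title="${encodeAttr(name)}">${encodeHtml(name)}</p>` +
    `<script nonce="${nonce}">const userName = "${encodeJsString(name)}";</script>`;
}

// Constructed input and nonce; generate a fresh random nonce per response in real use.
const sample = `"'></script><script>alert(1)</script>`;
const nonce = 'Y29uc3RydWN0ZWQtbm9uY2U=';
console.log('Content-Security-Policy:', buildCsp(nonce));
console.log(renderProfile(sample, nonce));
```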