DOM-based cross-site scripting prevention

For each location where your string appears within the DOM, you need to identify the context. Prevent XSS by sanitizing user data on the backend, HTML-encoding user-provided data that's rendered into the template, and . At a basic level, XSS works by tricking your application into inserting a