Preventing XSS requires separating untrusted data from active browser content. All of the following are correct ways to achieve that separation EXCEPT:
For rich content, consider auto-sanitization libraries like OWASP’s AntiSamy or the Java HTML Sanitizer Project.
Wrapping the data in JSON structures for easy manipulation.
The preferred option is to properly escape all untrusted data based on the HTML context (body, attribute, JavaScript, CSS, or URL) that the data will be placed into.
Consider Content Security Policy (CSP) to defend against XSS across your entire site.
Positive or "whitelist" input validation is also recommended as it helps protect against XSS, but is not a complete defense as many applications require special characters in their input. Such validation should, as much as possible, validate the length, characters, format, and business rules on that data before accepting the input.
Wrapping data in JSON structures is not a correct way to separate untrusted data, as the wrapped data may still contain harmful content.