There are a lot of things to keep in mind when it comes to web development. Security should be at the top of your list. If you read up on web application security, you’re probably familiar with cross-site scripting or XSS attacks. XSS attacks can cause serious damage but are really simple to prevent.
If you aren’t familiar, an XSS vulnerability occurs when your application takes user data and then sends it to the web browser without proper validation. An example would be a contact form that displays a confirmation after it has been submitted. The contact form asks for your first name, then displays a message like “Thanks for your inquiry Bob!”
That single line isn’t malicious, but it does run unintended code if your app is vulnerable. If your app is vulnerable, the confirmation page will display a pop-up window with “42”. A properly secured application will recognize that string as invalid and either drop any sort of tags or code or produce an error.
Using this quick test, you should be able to identify and prevent most if not all XSS attacks in your apps.
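The contact-form confirmation described above, as an added example that is not code from the original post: the vulnerable rendering beside two safe ones (encode on output, or reject invalid names). All function names and the sample input are constructed for this illustration.

```javascript
// Vulnerable: the submitted name goes into the HTML response unchanged,
// so any markup in it is interpreted by the browser.
function renderConfirmationUnsafe(firstName) {
  return "<p>Thanks for your inquiry " + firstName + "!</p>";
}

// Characters that are significant in HTML text and attribute contexts.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Safe option 1: encode on output. Markup is displayed as text, never run.
function renderConfirmationEscaped(firstName) {
  return "<p>Thanks for your inquiry " + escapeHtml(firstName) + "!</p>";
}

// Safe option 2: validate first and produce an error for anything that is
// not a plausible name (letters, spaces, dot, apostrophe, hyphen; max 64).
// Valid names are still encoded, because an apostrophe is legal in a name.
const NAME_PATTERN = /^[\p{L}\p{M}][\p{L}\p{M} .'-]{0,63}$/u;

function renderConfirmationValidated(firstName) {
  const name = typeof firstName === "string" ? firstName.trim() : "";
  if (!NAME_PATTERN.test(name)) {
    return { ok: false, html: "<p>Please enter a valid first name.</p>" };
  }
  return { ok: true, html: renderConfirmationEscaped(name) };
}

// Constructed test input: a harmless probe that would open a pop-up
// showing 42 if the page rendered it as markup.
const probe = "<script>alert(42)</script>";

console.log(renderConfirmationUnsafe(probe));       // markup survives intact
console.log(renderConfirmationEscaped(probe));      // shown as plain text
console.log(renderConfirmationValidated(probe).ok); // rejected
```

Encoding at output is the control to rely on; input validation narrows what reaches the page but does not replace it.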