Hi All,
I want to protect my application from external XSS attacks. Especially when the user enters the name of the app and its description; these are the input fields where there is a chance of a cross-site scripting (XSS) attack. I have tried the function encodeURI(). But this is converting the external script and displaying it to the user. I want this to be handled within the code, and only what the user enters should be visible to the user.
Any help would be appreciated.
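
As an added example that is not part of the original post: encodeURI() encodes for URLs rather than for HTML, which is why the converted text ends up on screen. The sketch below encodes for the HTML context instead, so the page displays exactly what the user typed; `escapeHtml`, `renderApp`, `showInBrowser` and the sample input are assumptions made for illustration.

```javascript
// Added example, not from the original post. Function and field names are assumed.

// Characters that are significant in HTML text and in quoted attribute values.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode for the HTML context: the browser renders the result as the exact
// characters the user typed and never parses it as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Build the markup for one app entry (hypothetical template). Every place
// where user input meets HTML goes through escapeHtml, attributes included.
function renderApp(appName, appDescription) {
  return (
    `<h2 title="${escapeHtml(appName)}">${escapeHtml(appName)}</h2>` +
    `<p>${escapeHtml(appDescription)}</p>`
  );
}

// In a browser, assigning to textContent avoids building HTML at all:
// the value is stored as text, so no encoding step is needed.
function showInBrowser(element, userText) {
  element.textContent = userText;
}

// Constructed sample input for the "name" field.
const sampleName = 'Tom & Jerry\'s "App" <v2>';

// encodeURI percent-encodes spaces, double quotes and angle brackets (the
// user then sees %20, %3C ...) yet leaves & and ' untouched.
const uriEncoded = encodeURI(sampleName);
const htmlEncoded = escapeHtml(sampleName);

console.log('encodeURI :', uriEncoded);
console.log('escapeHtml:', htmlEncoded);
console.log(renderApp(sampleName, 'Plain <b>text</b> only'));
```

Store the name and description as entered and apply the encoding at the point of output, choosing the encoder that matches where the value lands (HTML text, attribute, URL).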