Protecting against XSS and other data hacks is easy enough. The hard part is ensuring you haven't forgotten a case. So what can we do?

One approach is to test thoroughly: inject bad data into every possible input of your application and check the output. Easier said than done.
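One way to automate that kind of test, as an added example (not code from the original post): put a harmless canary string in one input at a time and report which HTML-special characters come back unescaped. `render_profile`, its three inputs and the canary token are constructed stand-ins for a real application page.

```python
import html
import re

MARK = "zq7x"                      # arbitrary token, easy to find in output
SPECIALS = "<>\"'"                 # characters that must not come back raw
CANARY = MARK + SPECIALS + MARK    # harmless probe, contains no script


def render_profile(params):
    """Constructed stand-in for an application page with three inputs."""
    name = html.escape(params.get("name", ""), quote=True)   # escaped properly
    city = html.escape(params.get("city", ""), quote=False)  # quotes forgotten
    bio = params.get("bio", "")                               # escaping forgotten
    return (f'<h1>{name}</h1>'
            f'<input name="city" value="{city}">'
            f'<p>{bio}</p>')


def raw_specials(output):
    """Return the special characters found unescaped between two markers."""
    found = set()
    for segment in re.findall(MARK + "(.*?)" + MARK, output, flags=re.S):
        found.update(ch for ch in SPECIALS if ch in segment)
    return found


def scan_inputs(render, input_names, benign="test"):
    """Probe one input at a time, keeping the others benign.

    Returns {input_name: raw_characters} for every input whose value
    reaches the output with at least one special character unescaped.
    """
    report = {}
    for target in input_names:
        params = dict.fromkeys(input_names, benign)
        params[target] = CANARY
        raw = raw_specials(render(params))
        if raw:
            report[target] = "".join(ch for ch in SPECIALS if ch in raw)
    return report


if __name__ == "__main__":
    for field, chars in scan_inputs(render_profile, ["name", "city", "bio"]).items():
        print(f"{field}: unescaped {chars}")
```

The scan only covers the inputs named in the list it is given, so the list of inputs itself is where a forgotten case can still hide.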



Scanmus Demo