Protecting against XSS and other data hacks is easy enough. The hard part is ensuring you haven't forgotten a case. So what can we do? One approach is to test thoroughly. Inject bad data in all possible inputs to your application and test the output. Easier said than done. Scanmus Demo