XSS Defense. Filter all foreign data. Use existing functions. Use a whitelist approach. Use a strict naming convention.