I am using ASP.NET, and the ASP.NET page has a validate attribute that validates XSS checks. However, I would like to know that this is really enough?
I visited part of a related post on stackoverflow and it helped me, but I want to understand how to plan XSS when developing websites?
Do I need to test XSS on the client side, AJAX? How to do it? Are there any tools that can help in testing XSS?
Thanks,
source share