OpenWebF Security: XSS & Input Sanitization
Instructions
- Identify sources of untrusted input (UGC, remote content, query params).
- Look for unsafe HTML string rendering patterns and missing sanitization.
- Recommend explicit sanitization and input validation strategies.
- Use MCP docs (“Security > Prevent XSS / Sanitize HTML / Validate Input”) to anchor recommendations.
- Provide fixes as minimal, concrete suggestions; do not modify files by default.
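
An added example (not part of the OpenWebF skill or docs) of the review pass described in the list above: a report-only JavaScript scan that flags common HTML-string sinks, rates each by same-line hints of untrusted input, and emits a one-line suggestion without touching the file. The sink list, the `SOURCE_HINT` and `SANITIZER_HINT` heuristics, and the sample lines are assumptions of this example.

```javascript
// Added example: report-only scan for unsafe HTML sinks. It never edits files.
// The sink list, source hints and wording are assumptions, not OpenWebF rules.
const SINKS = [
  { name: 'innerHTML/outerHTML assignment', re: /\.(innerHTML|outerHTML)\s*\+?=(?!=)/,
    fix: 'use textContent for plain text, or sanitize the HTML first' },
  { name: 'insertAdjacentHTML', re: /\.insertAdjacentHTML\s*\(/,
    fix: 'use insertAdjacentText, or sanitize the HTML argument' },
  { name: 'document.write', re: /\bdocument\.write(ln)?\s*\(/,
    fix: 'build nodes with createElement and textContent' },
  { name: 'dangerouslySetInnerHTML', re: /\bdangerouslySetInnerHTML\b/,
    fix: 'render as children, or sanitize the __html value' },
  { name: 'v-html', re: /\bv-html\s*=/,
    fix: 'use text interpolation, or sanitize the bound value' },
];
// Same-line hints that the value is untrusted (query params, remote content, UGC).
const SOURCE_HINT = /location\.(search|hash|href)|URLSearchParams|fetch\(|params\.|comment/i;
// Same-line hint that a sanitizer is already applied; still worth a human look.
const SANITIZER_HINT = /sanitize\w*\s*\(/i;

function scan(source, file = '<inline>') {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    if (text.trim().startsWith('//')) return; // skip whole-line comments
    for (const sink of SINKS) {
      if (!sink.re.test(text)) continue;
      const severity = SANITIZER_HINT.test(text) ? 'info'
        : SOURCE_HINT.test(text) ? 'high' : 'review';
      findings.push({ file, line: i + 1, sink: sink.name, severity, suggestion: sink.fix });
    }
  });
  return findings;
}

// Constructed sample input, not taken from any real project.
const SAMPLE = [
  "const q = new URLSearchParams(location.search).get('q');",
  "title.textContent = q;",
  "results.innerHTML = '<b>' + params.q + '</b>';",
  "// banner.innerHTML = legacy;",
  "card.innerHTML = sanitizeHtml(comment.body);",
  "if (el.innerHTML === '') return;",
  '<div v-html="post.body"></div>',
].join('\n');

for (const f of scan(SAMPLE, 'sample.js')) {
  console.log(`${f.file}:${f.line} [${f.severity}] ${f.sink}: ${f.suggestion}`);
}
```

The severity is a triage hint only: a `review` finding can still carry untrusted data assigned on an earlier line, so each hit needs its data flow traced by hand.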