Untrusted input is one vector -- but XSS comes from a lot of places: third-party JS (google analytics, etc.) -- domain compromise, DNS hijacking -- all over. It's significantly harder to prevent.
This article really only discusses the content from a web perspective, if you're doing native mobile stuff it's a whole different story =D
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hey!
Untrusted input is one vector -- but XSS comes from a lot of places: third-party JS (google analytics, etc.) -- domain compromise, DNS hijacking -- all over. It's significantly harder to prevent.
This article really only discusses the content from a web perspective, if you're doing native mobile stuff it's a whole different story =D