1. What defense will best help stop Cross-Site Scripting (XSS)?
Correct Answer is: Output Encoding
2. For which input validation needs are regular expressions not enough?
Correct Answer is: File upload input
3. Which JavaScript functions are so dangerous that they will automatically execute untrusted data as JavaScript code?
Correct Answer is: setTimeout()
4. What is the best way to parse JSON in the browser?
Correct Answer is: JavaScript: JSON.parse
5. What is the best design for input validation?
Correct Answer is: Setting a policy for good input and rejecting everything else.