🔥 3-day streak
ISC2 CCSP — Certified Cloud Security Professional27 / 124
Question 27 of 124

A development team is building a cloud-hosted web application that displays user-submitted comments on a public product page. During a threat modeling review, a security engineer flags that attacker-supplied comment text could be rendered directly into the HTML response, allowing malicious scripts to execute in other users' browsers. Which control most directly mitigates this OWASP-classified vulnerability?

Reviewed for accuracy · Report an issueNext question