XSS attacks occur on Web pages that do not perform appropriate bounds checking on data entered by users. Characters like < > that mark the beginning/end of a tag should be converted into HTML entities.
What is the correct code when converted to HTML entities?
A. Option A
B. Option B
C. Option C
D. Option D
Can I get a confirmation on this? I see it as C, not D because of the section “var x -” and “x.src -” in option D. Shouldn’t it be “var x =” and “x.src =”? “=” is replaced with the “-” minus sign?
Never mind, I didn’t see the left side of the image properly for “C”. The greater than is there, not less than, to start. Still, what is the significance of changing the equal sign to minus to make “D” correct?
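The conversion the question describes, as an added example that is not part of the original question or the comments: a single-pass entity encoder next to a wrong-order variant that double-encodes. The function names and the sample string are assumptions constructed for illustration, not any of the answer options.

```javascript
// Added example: entity-encode the five characters that are significant in
// HTML text and quoted attribute values. Characters outside this map,
// such as "=", pass through this encoder unchanged.
const ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Single pass: each input character is examined once, so the "&" that
// belongs to an entity we just emitted is never encoded a second time.
function encodeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Buggy variant kept for comparison: it encodes "&" last, so the "&" in the
// "&lt;" / "&gt;" it produced earlier is encoded again ("&amp;lt;").
function encodeHtmlWrongOrder(input) {
  return String(input)
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/&/g, "&amp;");
}

// Reverse mapping, used only to check that the encoding is lossless.
function decodeHtml(encoded) {
  const reverse = Object.fromEntries(
    Object.entries(ENTITIES).map(([ch, ent]) => [ent, ch])
  );
  return encoded.replace(/&(?:amp|lt|gt|quot|#39);/g, (ent) => reverse[ent]);
}

// Constructed sample input, not one of the answer options from the question.
const SAMPLE = '<script>var x = "a&b";</script>';

function demo() {
  const good = encodeHtml(SAMPLE);
  const bad = encodeHtmlWrongOrder(SAMPLE);
  return { good, bad, roundTrip: decodeHtml(good) === SAMPLE };
}

console.log(demo());
```

These five entities cover HTML text and quoted attribute values only; data placed inside a script block, a URL or CSS needs the encoding for that context instead.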