Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software
applications?

A.
Validate and escape all information sent to a server

B.
Use security policies and procedures to define and implement proper security settings

C.
Verify access right before allowing access to protected information and UI controls

D.
Use digital certificates to authenticate a server prior to sending data

Explanation:
Contextual output encoding/escaping could be used as the primary defense mechanism to stop Cross-site
Scripting (XSS) attacks.
https://en.wikipedia.org/wiki/Crosssite_scripting#Contextual_output_encoding.2Fescaping_of_string_input