I go through the OCMJEA wall of fame several times, but do not find any guidance about how to apply request.
As an Asian people, it is not easy to pass this exam because of our poor English.
So I want to share my name on this big forum for encouraging others.
The following answer maybe wrong. May I ask some help here?
Which two measures are most effective in protecting websites from cross site scripting (XSS)
C. Ensure that the session cookie is sent only on UTTPS connections.
D. Treat all user-supplied input as unsafe, and white list known good characters
E. Execute all user-supplied scripts in a server-side sandbox.
I think DE is more correctly. AB is right, but not enough.