var path = document.location.pathname;
if (path.lastIndexOf("/") != 0){
path= path.substring(path.lastIndexOf("/")+1);
}
open("default.htm?startat=" + path + document.location.search, "_top");
Which is the best way to prevent cross site scripting?
I am using this code I am trying to find a way to validate the data coming from url. But I do not know what kind of validation should I do.