I am trying to write an XSS filter for my application. I already have an XSS filter which doesn't accept invalid input from the form. I have those checks with
if(scriptTagCheck() || srcValueCheck() || .....)
Since there can be N number of patterns to check, how can I write these in an efficient way?
Second, I need to do the same for the response/data sent to the client/browser. I don't think a filter can do this for me. So how can I make sure the data sent back to the browser doesn't have such malicious tags?