Problem scenario
You know that cross-site scripting (aka XSS) attacks are a big concern in today's world. OWASP places XSS security risks as the seventh biggest web application risk as of June 2020. What are some techniques to stop such attacks from happening when designing a website that uses JavaScript?
Possible Solution #1
Have the HTML and JavaScript validate and escape regularly throughout the code. (The source of this is page 52 of JavaScript Security by Y.E. Liang.)
Possible Solution #2
Design cookies to allow the user from the IP address of issuance to interact with the web page and disallow any different IP address from interacting with the web page. (The source of this is page 52 of JavaScript Security by Y.E. Liang.)
Possible Solution #3
Minimize the utilization of JavaScript code to the least possible. (The source of this is page 52 of JavaScript Security by Y.E. Liang.)
Possible Solution #4
Use Content-Security-Policy (according to page 9 of Node.js Security by Liran Tal) to enable filtration of content; this is particularly useful if your website application will interact with an untrusted source.
Possible Solution #5
Use X-XSS-Protection, an HTTP header, can block XSS attacks (according to page 14 of Node.js Security by Liran Tal).
Possible Solution #6
Implement xss-filters library (according page 47 of Node.js Security by Liran Tal); this is particularly useful if your website application will interact with an untrusted source.