Task 2 – Cross-site scripting
The user interface is generated in inf226.inchat.Handler. The current implementation returns a lot of user data without properly escaping it for the context in which it is displayed (for instance, the HTML body).
Take measures to prevent XSS attacks on inChat. Hint: In addition to the books and the lecture slides, you should take a look at the OWASP Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
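As an illustration of what escaping for the display context means, here is an added example that is not part of the inChat code base: two encoders, one for the HTML body and one for quoted attribute values. The class name, method names and sample message are hypothetical.

```java
// Added example: context-specific output encoding.
// OutputEncoding and its methods are hypothetical names, not inChat APIs.
public final class OutputEncoding {

    private OutputEncoding() {}

    /** Encode untrusted text for placement between HTML tags (HTML body context). */
    public static String forHtmlBody(String untrusted) {
        StringBuilder out = new StringBuilder(untrusted.length() + 16);
        for (int i = 0; i < untrusted.length(); i++) {
            char c = untrusted.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Encode untrusted text for a quoted HTML attribute value: everything
     *  except ASCII letters and digits becomes a numeric character reference. */
    public static String forHtmlAttribute(String untrusted) {
        StringBuilder out = new StringBuilder(untrusted.length() * 2);
        untrusted.codePoints().forEach(cp -> {
            boolean alnum = (cp >= '0' && cp <= '9')
                    || (cp >= 'A' && cp <= 'Z')
                    || (cp >= 'a' && cp <= 'z');
            if (alnum) out.appendCodePoint(cp);
            else out.append("&#x").append(Integer.toHexString(cp)).append(';');
        });
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for a user-supplied chat message.
        String message = "<script>alert(1)</script> & \"quotes\"";
        // The markup is rendered as text instead of being parsed as a tag.
        System.out.println("<p>" + forHtmlBody(message) + "</p>");
        // The value cannot close the surrounding quotes and start a new attribute.
        System.out.println("<input value=\"" + forHtmlAttribute(message) + "\">");
    }
}
```

These two encoders cover only the HTML body and quoted attribute contexts; data placed inside JavaScript, URLs or CSS needs the encoding for that context, as the cheat sheet describes.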