What are the measures to protect HTML output tag from XSS attack?

edit

Here are some measures to protect HTML output tag from XSS attack:

1. Input Validation: Validate and sanitize all user inputs before they are rendered on the web page. This can be achieved by filtering out any invalid or malicious characters, like "<", ">" or "'" from the user input.

2. Content Security Policy: Implement a Content Security Policy (CSP) on your website. CSP is an HTTP header that allows the website owner to control which sources of content (e.g., scripts, stylesheets) are allowed to be executed on their web pages.

3. Encoding: Encode all user inputs and dynamic content (such as HTML, JavaScript, and CSS) using HTML entities or JavaScript Object Notation (JSON) encoding.

4. Use secure cookies: Secure cookies that protect against cross-site scripting attacks and cookie injection attacks can be used.

5. User Input Filtering: User input filtering can help reduce the risk of XSS attacks by filtering out potentially malicious content.

6. HTTPS: Use HTTPS to ensure communication between the client and server is over a secure connection.

7. Updated Software: Ensure all software and plugins used on your website are up-to-date and free of known security vulnerabilities.