Question:
Scenario: Alice is a developer working on a web application that allows users to post comments on articles. The application uses a simple text box to accept comments, which are then displayed on the article page. Alice wants to ensure that the application is secure against Cross-Site Scripting (XSS) attacks.
Which of the following measures should Alice implement to protect the application against XSS attacks? Select all that apply.
Question options:
Use a Web Application Firewall (WAF): Alice should use a WAF to monitor and filter HTTP traffic to and from the application, blocking known XSS attacks.
Validate and sanitize user input: Alice should validate and sanitize user input to remove or encode any potentially malicious scripts.
Escape output: Alice should escape user input when displaying it in the application's output to prevent it from being interpreted as code.
Implement HTTPS: Alice should ensure that the application uses HTTPS to encrypt data transmitted between the server and the client, reducing the risk of eavesdropping and data tampering.
Use Content Security Policy (CSP): Alice should use CSP to restrict the sources from which the application can load scripts, stylesheets, and other resources.
Implement SameSite cookie attribute: Alice should set the SameSite attribute on cookies to prevent them from being sent in cross-site requests, reducing the risk of CSRF and XSS attacks.
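
How the input-validation, output-escaping and CSP options look when applied to the comment scenario, as an added Python example that is not part of the original question. The function names, the 2000-character limit and the sample comments are assumptions constructed for illustration.

```python
import html
import secrets

MAX_COMMENT_LEN = 2000  # assumed limit, not from the question

def validate_comment(text):
    """Input validation: drop control characters, reject empty or oversized comments."""
    cleaned = "".join(ch for ch in text if ch.isprintable() or ch in "\n\t")
    if not cleaned.strip() or len(cleaned) > MAX_COMMENT_LEN:
        raise ValueError("comment rejected")
    return cleaned  # stored as plain text; encoding happens at output time

def render_comment(author, text):
    """Output escaping: encode for the HTML body and for a quoted attribute value."""
    safe_author = html.escape(author, quote=True)
    safe_text = html.escape(text, quote=True).replace("\n", "<br>")
    return (f'<li class="comment" title="{safe_author}">'
            f"<b>{safe_author}</b>: {safe_text}</li>")

def build_response(comments):
    """Return (headers, body); a nonce-based CSP acts as a second layer behind escaping."""
    nonce = secrets.token_urlsafe(16)  # fresh for every response
    csp = (f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; "
           "object-src 'none'; base-uri 'none'")
    items = "\n".join(render_comment(a, validate_comment(t)) for a, t in comments)
    body = (f"<ul>\n{items}\n</ul>\n"
            f'<script nonce="{nonce}">/* application script */</script>')
    headers = {"Content-Type": "text/html; charset=utf-8",
               "Content-Security-Policy": csp}
    return headers, body

# Constructed sample comments: one ordinary, one carrying markup in both fields.
SAMPLE = [
    ("bob", "Nice article!\nThanks."),
    ('eve" onmouseover="x', "<script>alert(1)</script>"),
]

if __name__ == "__main__":
    headers, body = build_response(SAMPLE)
    print(headers["Content-Security-Policy"])
    print(body)
```

With the CSP in place, an inline script that slipped past escaping would still lack the per-response nonce and the browser would refuse to run it.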
