A cross-site scripting attack is amongst the top 5 security attacks happened out on a daily basis across the Internet.
we are facing this problem most often, because its very next to impossible to develop 100 % secure code. Every PHP programmer has the responsibility to understand how attacks can be carried out against their PHP scripts to exploit possible security vulnerabilities.
Below are some steps to prevent XSS:
1. Data validation
2. Data Sanitization
3. Output Escaping