Translations:Cross-site scripting/18/en

Output encoding (escaping) is context sensitive. So be aware of the intended output context and encode appropriately (e.g. HTML entity, URL, Javascript, etc.)