Translations:Manual:MediaWiki architecture/84/en

Cross-site request forgery (CSRF) is avoided by using tokens, and cross-site scripting (XSS) by validating inputs and escaping outputs, usually with PHP's $1 function.