Translations:DOM-based XSS/10/en

As with standard XSS prevention, you should validate the data coming in when possible, and always escape the data as your script writes out to the page.