Full Version: Security: Content Security Policy
You might want to set a content security policy header for privileged areas (ucp, mcp, acp) and the login / registration pages. Ideally, you would do it globally tbh. It should help to kill off any unwanted scripts that might be running for whatever reason, whether it's an XSS flaw or something else.
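
An added example (not part of the original post, and not the forum software's own code) of sending a nonce-based Content-Security-Policy header from PHP, either globally or only for the privileged and login / registration pages. The script names in PRIVILEGED_SCRIPTS and the helpers build_csp and send_csp are hypothetical; the relaxed img-src on public pages is an assumption about embedded images.

```php
<?php
// Added example. The script names are hypothetical placeholders for the
// UCP, MCP, ACP, login and registration entry points of an installation.
const PRIVILEGED_SCRIPTS = ['ucp.php', 'mcp.php', 'acp.php', 'login.php', 'register.php'];

/** Build a policy under which only scripts carrying this request's nonce run. */
function build_csp(string $nonce, bool $privileged): string
{
    $directives = [
        "default-src 'self'",
        "script-src 'self' 'nonce-{$nonce}'", // injected inline scripts lack the nonce
        "object-src 'none'",
        "base-uri 'self'",                    // blocks <base> tag hijacking of relative URLs
        "form-action 'self'",                 // credentials cannot be posted off-site
        "frame-ancestors 'none'",             // no framing of login or admin pages
    ];
    if (!$privileged) {
        // Assumption: public pages display user-embedded images from other hosts.
        $directives[] = "img-src 'self' https: data:";
    }
    return implode('; ', $directives);
}

/**
 * Send the header for the current script. Returns the nonce so templates can
 * emit <script nonce="...">, or null when no policy applies to this page.
 */
function send_csp(string $script, bool $enforceEverywhere = true): ?string
{
    $privileged = in_array(basename($script), PRIVILEGED_SCRIPTS, true);
    if (!$privileged && !$enforceEverywhere) {
        return null; // privileged-only mode: public pages stay without a policy
    }
    $nonce = base64_encode(random_bytes(16)); // fresh, unpredictable value per response
    if (!headers_sent()) {
        header('Content-Security-Policy: ' . build_csp($nonce, $privileged));
    }
    return $nonce;
}

// Call before any output is produced.
$nonce = send_csp($_SERVER['SCRIPT_NAME'] ?? 'index.php');
```

Inline event handlers such as onclick attributes cannot carry a nonce, so sending the same policy first as Content-Security-Policy-Report-Only shows what would break before it is enforced.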