This covers the essential XSS prevention techniques you actually need: HTML entity encoding for text content, DOMPurify for sanitizing rich HTML, and CSP headers to lock down what can execute. The quick start shows a practical Node.js implementation, and the reference guides extend it to Python and React. It takes the right approach by defaulting to encoding rather than sanitization, using the heavier sanitization only when you truly need rich content. The best practices section is short but hits the critical points, especially the warning against innerHTML and mixing contexts. If you're displaying user-generated content anywhere, this gives you a solid defensive setup without overthinking it.
npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill xss-prevention
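
The encode-by-default approach described above, as an added example that is not code from the skill itself: each value is encoded for the context it lands in, and a CSP header acts as the second layer. The helper names (`escapeHtml`, `safeHref`, `renderComment`, `cspHeader`), the policy directives chosen and the sample input are assumptions made for illustration; the DOMPurify path for rich HTML needs that library and is not part of this block.

```javascript
// Added example (not from the skill): dependency-free output encoding for Node.js.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// HTML text and quoted-attribute contexts: replace the five significant characters.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// URL context: entity encoding does not neutralise a javascript: URL,
// so allow only absolute http(s) URLs and fall back to an inert link.
function safeHref(value) {
  try {
    const url = new URL(String(value));
    return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : '#';
  } catch {
    return '#'; // not an absolute URL
  }
}

// Each field is encoded for the context it lands in; nothing is concatenated raw.
function renderComment({ author, body, website }) {
  return (
    `<article class="comment">` +
    `<a href="${escapeHtml(safeHref(website))}" rel="nofollow noopener">${escapeHtml(author)}</a>` +
    `<p>${escapeHtml(body)}</p>` +
    `</article>`
  );
}

// CSP as a second layer: same-origin scripts only, no plugins, no <base> rewriting.
function cspHeader() {
  return [
    "default-src 'self'",
    "script-src 'self'",
    "object-src 'none'",
    "base-uri 'none'",
    "frame-ancestors 'none'",
  ].join('; ');
}

// Constructed sample input.
const sample = {
  author: 'Mallory "M" <admin>',
  body: '<script>alert(1)</script> & more',
  website: 'javascript:alert(1)',
};
console.log(renderComment(sample));
console.log('Content-Security-Policy:', cspHeader());
```

The URL check is the "mixing contexts" point in practice: the same string needs a scheme allowlist for `href` and entity encoding for the attribute it sits in.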