Our users entrusted us with their data and it's our duty to keep this data secure as they use our application. Unfortunately, security best practic...
Using a WAF is not an alternative to following best practices in preventing XSS. A WAF can block suspicious payloads/requests, but it can be bypassed.
For example:
A WAF should be added as an extra layer of security.
Agree on this; there is no substitute for proper input sanitization in an application. The WAF's limitation of only being able to scan the first 500KB or so is problematic, especially when addressing more sophisticated attacks.
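As an added example (not code from the original article or from either commenter), this is what the application-side control the thread refers to looks like in Python: context-aware output encoding applied at render time, which covers the whole value whatever its size and does not depend on what a WAF in front of the application inspects. The profile template and its field names are assumptions made for the example.

```python
import html

# Added example, not from the original thread. Shows output encoding as the
# primary XSS control inside the application; a WAF in front is a second layer.

# Number of tags the template itself contains; untrusted data must never add to it.
TEMPLATE_TAG_COUNT = 6


def encode_for_html_body(value: str) -> str:
    """Escape untrusted text for insertion as an HTML element's text content."""
    return html.escape(value, quote=False)


def encode_for_html_attribute(value: str) -> str:
    """Escape untrusted text for insertion into a double-quoted HTML attribute."""
    return html.escape(value, quote=True)


def render_profile(display_name: str, bio: str) -> str:
    """Render two untrusted user fields, encoding each for the context it lands in.

    The same display_name is used twice: once inside an attribute and once as
    element text, so it is encoded separately for each context.
    """
    return (
        '<div class="profile" data-name="{name_attr}">'
        "<h1>{name}</h1><p>{bio}</p></div>"
    ).format(
        name_attr=encode_for_html_attribute(display_name),
        name=encode_for_html_body(display_name),
        bio=encode_for_html_body(bio),
    )


def markup_is_only_from_template(rendered: str) -> bool:
    """Invariant check: every '<' in the output belongs to the template, not the user."""
    return rendered.count("<") == TEMPLATE_TAG_COUNT


if __name__ == "__main__":
    # Constructed sample input: markup and quotes in both fields, plus a bio
    # far larger than the 500KB inspection window mentioned in the thread.
    page = render_profile('Ann "A" <b>', "x" * 600_000 + "<i>hi</i>")
    print(markup_is_only_from_template(page))  # True
```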