go
package main
import (
	"log"

	"github.com/gin-gonic/gin"
	"github.com/microcosm-cc/bluemonday"
)
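// main wires up a small Gin server that contrasts an unsanitized HTML
// response (/xss-vulnerable) with one passed through sanitizeHTML
// (/xss-safe), and registers clearXSS as global middleware.
//
// The /xss-vulnerable handler intentionally returns a script tag verbatim as
// the "before" picture for the demo; it exists only to be contrasted with
// /xss-safe and is not a pattern for real handlers.
func main() {
	r := gin.Default()

	r.Use(clearXSS)

	// gin's Context.HTML(code, templateName, data) renders a registered
	// template, so a raw markup string has to be written with Context.Data
	// and an explicit content type.
	r.GET("/xss-vulnerable", func(c *gin.Context) {
		c.Data(200, "text/html; charset=utf-8", []byte("<script>alert('Hello, XSS!')</script>"))
	})

	// The "after" picture: the markup is run through the bluemonday UGC
	// policy before it is written. The input here is a constant, so this
	// route shows the API call rather than the handling of untrusted input.
	r.GET("/xss-safe", func(c *gin.Context) {
		safeHTML := "<h1>Hello, GIN!</h1>"
		c.Data(200, "text/html; charset=utf-8", []byte(sanitizeHTML(safeHTML)))
	})

	// Run blocks for the lifetime of the server; its error is the only way a
	// bind failure (port already in use, etc.) surfaces, so it is not dropped.
	if err := r.Run(":8080"); err != nil {
		log.Fatal(err)
	}
}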
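// ugcPolicy is bluemonday's "user generated content" policy, built once at
// package init instead of on every sanitizeHTML call. bluemonday documents
// that a policy should be created once and reused for the life of the
// program: building/editing a policy is not goroutine-safe, but calling
// Sanitize on a finished policy from many goroutines is.
var ugcPolicy = bluemonday.UGCPolicy()

// sanitizeHTML returns html with everything outside bluemonday's UGC policy
// removed. The input is treated as untrusted markup; the output is what the
// policy allows through (see the bluemonday docs for the exact allowlist).
func sanitizeHTML(html string) string {
	return ugcPolicy.Sanitize(html)
}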
// clearXSS is a gin middleware that, once the downstream handlers have run,
// replaces the "Body" context value with a sanitized copy of itself.
//
// NOTE(review): nothing in this file stores anything under "Body". The route
// handlers write straight to the response, and c.GetString/c.Set only touch
// gin's per-request key/value store, not bytes already sent to the client.
// As written this middleware therefore sanitizes an empty string and has no
// effect on the response. Sanitizing untrusted input where it is rendered
// (as /xss-safe does) is the simpler and usual approach; post-processing a
// response would require buffering it in a wrapped ResponseWriter first.
func clearXSS(c *gin.Context) {
	// Let the rest of the chain run; everything below executes on the way
	// back out.
	c.Next()

	c.Set("Body", sanitizeHTML(c.GetString("Body")))
}
go
package main
import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"log"
	"net/http"
	"time"

	"github.com/gin-gonic/gin"
)
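// main wires up a demo server: generateCSRFToken runs on every request,
// /login hands the token to the browser in a cookie, and /transfer refuses
// requests whose cookie does not match (validateCSRFToken).
//
// NOTE(review): generateCSRFToken mints a fresh random token on every
// request and stores it only in that request's context, so the value /login
// put in the cookie is never the value /transfer compares against; as
// written /transfer always answers 403. A working scheme has to persist the
// token per session (or derive it from the session) and require it in a
// header or form field as well as the cookie, so that a cross-site request,
// which the browser may still attach the cookie to, cannot supply it.
func main() {
	r := gin.Default()
	r.Use(generateCSRFToken)

	r.GET("/login", func(c *gin.Context) {
		// Strict SameSite stops the browser from attaching this cookie to
		// cross-site requests at all; it complements, not replaces, the
		// token check.
		c.SetSameSite(http.SameSiteStrictMode)
		// secure=false lets the cookie travel over plain HTTP, acceptable
		// only for a local demo; set it to true behind TLS. httpOnly=true
		// keeps the token out of reach of page scripts. Max age is one hour.
		c.SetCookie("csrf_token", c.GetString("CSRFToken"), int(time.Hour/time.Second), "/", "", false, true)
	})

	r.POST("/transfer", func(c *gin.Context) {
		if !validateCSRFToken(c) {
			c.AbortWithStatus(http.StatusForbidden)
			return
		}
		// Demo only: a request that passes the check gets an empty 200.
	})

	// Run blocks for the lifetime of the server; its error is the only way a
	// bind failure surfaces, so it is not dropped.
	if err := r.Run(":8080"); err != nil {
		log.Fatal(err)
	}
}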
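// generateCSRFToken is a gin middleware that draws 32 bytes from crypto/rand,
// base64-encodes them and stores the result under the "CSRFToken" context key
// for the handlers that follow. It does not call c.Next; gin continues the
// chain when the middleware returns.
//
// A CSPRNG failure aborts the request with 500: falling through would let a
// handler mint a cookie from an all-zero buffer. (Recent Go releases document
// rand.Read as never failing, so the check costs nothing there and protects
// older toolchains.)
//
// NOTE(review): the token lives only in this request's context; nothing ties
// it to a session, so a later request cannot present the same value.
func generateCSRFToken(c *gin.Context) {
	token := make([]byte, 32)
	if _, err := rand.Read(token); err != nil {
		c.AbortWithStatus(http.StatusInternalServerError)
		return
	}
	c.Set("CSRFToken", base64.StdEncoding.EncodeToString(token))
}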
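// validateCSRFToken reports whether the request's "csrf_token" cookie equals
// the token stored in the context under "CSRFToken" by generateCSRFToken.
// It returns false when the cookie is absent, the context value is missing
// or not a string, or the two differ.
//
// The comparison is constant-time so response timing does not reveal how
// many leading bytes of a guess were correct.
//
// NOTE(review): the context token is freshly generated for this very request
// (see generateCSRFToken), so the check cannot succeed for any real client.
// It also never reads a header or form field, so even with a persistent token
// it would accept any request the browser attaches the cookie to; the token
// must additionally be echoed in the request body or a custom header to tell
// same-site from cross-site submissions apart.
func validateCSRFToken(c *gin.Context) bool {
	clientToken, err := c.Cookie("csrf_token")
	if err != nil {
		return false
	}
	serverToken, ok := c.Get("CSRFToken")
	if !ok {
		return false
	}
	// c.Get returns any; a string==any comparison would silently be false
	// for a non-string value, so make the type check explicit.
	expected, ok := serverToken.(string)
	if !ok {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(clientToken), []byte(expected)) == 1
}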
[1] GIN - GitHub. (https://github.com/gin-gonic/gin)
[2] Cross-Site Scripting (XSS). (https://owasp.org/www-community/attacks/xss/)
[3] Cross-Site Request Forgery (CSRF). (https://owasp.org/www-community/attacks/csrf)