Converting all non-alphanumeric characters to HTML character entities is a common defense against Cross-Site Scripting (XSS) attacks. Here's how it works:
* User Input Sanitization: When user input is received, the system converts characters like <, >, &, ', and " into their corresponding HTML entities (e.g., &lt;, &gt;, &amp;, &apos;, and &quot;).
* Preventing Script Execution: By converting these characters, the system prevents potentially malicious scripts from being executed in the browser of anyone viewing the content.
* Maintaining Data Integrity: This process allows user-generated content to be displayed without altering the intended message while ensuring the content cannot harm other users or the system.
References:
* EC-Council's Certified SOC Analyst (C|SA) course material covers various cybersecurity threats, including XSS attacks, and the methods used to mitigate them.
* The study guides and resources provided by EC-Council for the SOC Analyst certification include detailed explanations of XSS attacks and the importance of sanitizing user input to prevent such vulnerabilities1234

The HTTP status codes that fall within the range of 1XX represent informational messages. These are provisional responses that indicate the initial part of a request has been received and has not yet been rejected by the server. The server is informing the client that it has received the header of the request and the client should continue to send the request body if it has not already done so. These status codes are used to provide an interim response to the client while the server processes the full request.
References: The EC-Council's Certified SOC Analyst (C|SA) program includes the study of HTTP status codes as part of understanding web server logs and troubleshooting web server issues. The informational responses (1XX status codes) are covered in the curriculum and can be found in the official EC-Council SOC Analyst study guides and courses. The information is also consistent with the standard definitions provided by the Internet Engineering Task Force (IETF) in RFC 9110, as well as other reputable sources such as MDN Web Docs1 and Wikipedia2.