Author: From Application Security Principles to the Implementation of XSS Defenses