Full research information in the university data repository

Research Title (Papers / Research Title)


Preventing Cross Site Scripting Attacks in Websites


Author / Editor / Publisher

 
مهدي عبادي مانع الموسوي

Citation Information


مهدي,عبادي,مانع,الموسوي, Preventing Cross Site Scripting Attacks in Websites, Time 04/12/2016 20:32:51: College of Information Technology

Abstract Description (Abstract)


Malicious Detection and Computer Security

Full Description (Full Abstract)

Cross-site scripting (XSS) is a type of computer security breach in which an attacker uses a web application to inject malicious code. It enables the attacker to inject scripting code that executes in the browser and is viewed by other users, allowing the attacker to steal cookies from users' accounts and access sensitive information in the web application. In this attack, the injected malicious script may put the website under the attacker's control. There are solutions to these attacks at the client-side and server-side levels, which can complement each other to protect websites and web applications and prevent malicious scripts from being executed. In this paper, we clearly show and simulate how cross-site scripting disrupts a website and how to put in place a method to prevent this vulnerability. Stored XSS attacks and reflected XSS attacks are prevented by encoding and filtering input. The proposed method is tested on many websites on the client side and the server side.

1. Introduction
The development of web applications is important in the framework of E-Business, E-banks and others. Computer security plays a vital role in maintaining the information stored in web applications, such as credentials, contacts, and user accounts. Web development has led to two outcomes: a positive aspect, the improvement of web pages, and a negative aspect, caused by attackers who break their security. Websites and web applications are constantly vulnerable to attack because web applications run on port 80, which always remains open and unprotected by defense mechanisms (SSL, firewalls). In addition, 90% of loopholes are within the application layer [1].
Browser manufacturers put in place an agreement, later called the "same-origin policy", that limits the execution of scripts in the browser. Despite the existence of the same-origin policy, web applications still suffer from serious flaws that threaten the security of the Web, such as SQL injection, cross-site scripting attacks and Cross-Site Request Forgery (CSRF), etc., which break the same-origin policy. Cross-site scripting attacks date back to early 1996, during work with web applications [2]. On 20 February, 2000, this attack made its first appearance when the Computer Emergency Response Team (CERT) published information about modern vulnerabilities affecting Web applications, called XSS attacks [3]. Figure (1) shows the % test for XSS attacks overtaking SQL injection from 2007 to 2011 [4].

Download the file from the University of Babylon network server (Paper Link on Network Server) repository publications
