A security audit has determined that your web application is vulnerable to a cross-site scripting attack. Which of the following measures are appropriate when building a security policy? (Choose 2)
A. Cookie length must be restricted to 1024 bytes.
B. Attack signature sets must be applied to any user input parameters.
C. Parameter data entered for explicit objects must be checked for minimum and maximum values.
D. Parameter data entered for flowlevel parameters must allow some meta-characters but not others.