jonmbake / bootstrap3-contact-form

Bootstrap 3 Contact Form with Captcha
MIT License
169 stars, 84 forks

Stopping XSS attacks. #16

Closed SimonFricker closed 8 years ago

SimonFricker commented 8 years ago

What features are in place to stop XSS attacks, as I do not see any currently?

jonmbake commented 8 years ago

Hey Simon.

The biggest cause of XSS is server-side rendering of dynamic content to the page, usually something submitted by a visitor. An example would be a comments section where the comments submitted by visitors are not properly HTML-escaped.

This contact form does not do any dynamic content rendering, therefore I don't think there is much threat from an XSS attack. If you are aware of a specific XSS vulnerability let me know and I'll patch it.

Thanks, Jon