Your company's development team has identified that a web application hosted in a staging GKE environment dynamically includes user data in web pages without proper input validation. This flaw could enable an attacker to execute malicious scripts and display arbitrary content in a victim's browser if deployed to production.

How should you remediate and prevent this vulnerability?

Exam-Like

Use Cloud IAP based on IP address or end-user device attributes to prevent and fix the vulnerability.

Set up an HTTPS load balancer, and then use Cloud Armor for the production environment to prevent the potential XSS attack.

Use Web Security Scanner to validate the usage of an outdated library in the code, and then use a secured version of the included library.

Use Web Security Scanner in staging to simulate an XSS injection attack, and then use a templating system that supports contextual auto-escaping.

Google Professional Cloud Security Engineer