I'm currently doing some encoding work to protect a site from XSS attacks. We've stuck a bunch of
<script>debugger;</script> tags in the db. Dispite my best efforts, the strings I've encoded to stop the debugger getting hit (to prevent an XSS attack), are still getting hit in developer tools.
Is there a chance that double encoding something could cause this to happen or is that not possible?
Thanks in advance!