Explain techniques for preventing and mitigating cross-site scripting (XSS) attacks in web applications, including input validation, output encoding, and content security policies (CSP).