Cross-Site Scripting (XSS)- How to avoid

<script>alert(42)</script>

in FF 47 it was executable href="http://127.0.0.1:8000/?title=%3Cscript%3Ealert%2842%29%3C/script%3E" - Click here to see bad example

Click here to see bad example HTML file