CSRF: 0 - No defense1 - Token validation XSS: 0 - No defense1 - Remove "script"2 - Remove several tags3 - Remove " ' and ;4 - Encode < and >