You're researching a recent XSS attack against a web application. The developer showed you the JavaScript code
used to sanitize and validate input in the browser; even if
you're not a coder, it seems like it would have prevented the
attack. What is the most likely reason the web application
was vulnerable? Choose the best response.

A. Client-side validation can be easily bypassed.
B. Input validation doesn't reliably protect against XSS
attacks.
C. Server-side validation can be easily bypassed.
D. The attacker performed an injection attack to bypass
input validation.