Questiоn 4: Essаy (CLO 5 - 6 Mаrks)The lectures presented five defense techniques tо prevent XSS аttacks, emphasizing a "defense in depth" apprоach. (a) Explain how output encoding works as a defense against XSS. Provide the PHP function used for encoding and show, using a concrete example, how a malicious input like alert('XSS') would be rendered harmless after encoding. (3 marks) (b) Explain what HttpOnly cookies are and what specific XSS consequence they prevent. Clearly state what HttpOnly cookies do NOT protect against, listing at least two actions an attacker can still perform even when HttpOnly is enabled. (3 marks)