Information has become a very important need and has even become a basic need in this day and age. Much of the information available is confidential and not everyone has access to that information. CrossSite Scripting is a type of injection attack against a site by relying on weaknesses from the website or the user itself. Attackers try to steal data, confidentiality and website structure with certain commands through code scripting which is very contrary to the principles of information system security. So that the basic principles of information system security can be fulfilled, it is necessary to conduct research with the aim of finding loopholes and the effect of certain treatments for CrossSite Scripting attacks on websites under controlled conditions and closing the vulnerability gaps of the website. The research was conducted using the escaping metacharacter method which functions to convert special characters into HTML format. This method also functions as a filter on input so that the script that is injected by the user will not be executed by the browser and will be considered as normal input. From the results of the study, it shows that by entering certain characters or words as a rule (filter) which is the hallmark of the xss script, a pattern will be obtained which can later be used as a determinant of whether the input is really an ordinary string or script injection. The research contribution to be achieved is the importance of doing penetration testing on an information system for Agencies, Institutions and Companies, to always be able to recognize, analyze and respond to attacks on information systems and provide security and comfort to users of the information system.