During a routine security review of a web application, analysts discover a vulnerability that allows attackers to inject harmful scripts into comment fields, which are then stored and executed on other users' browsers when the comments are displayed. What is the BEST mitigation strategy to address this specific security issue?
Rely solely on input validation for all user-generated content to prevent malicious input.
Enforce output encoding for all user-generated content displayed on the web application.
Use a Content Security Policy (CSP) to prevent the execution of unauthorized scripts.
Install a Web Application Firewall (WAF) with default XSS protection settings.