How does a Cross-Site Scripting (XSS) attack work, and what measures can you take to prevent it in a modern single-page application?