Cross-site scripting (XSS)
Validating client data
Escaping data used in SQL statements
Escaping data used in shell commands
Preventing cross-site scripting attacks
Data filtering, the process of validating data and filtering out that which is invalid, is arguably the cornerstone of Web application security. The basic premise is quite simple: Never trust foreign data, especially data from the client.
There are two fundamentally different approaches ...