> exploit would be to *VALIDATE* your input as you receive it from the user, and > *ESCAPE* all output to any stream.
Answers have been given already: filter and validate your input, escape your output. Check this: http://xkcd.com/327/ And this: http://ha.ckers.org/xss.html Says: Andreas. >
