Validating xml data
Note that you should proceed to validate the resulting numbers as well.
Adopting this strategy means that you will have to maintain the list of "known bad" characters and patterns forever, and you will by definition have incomplete protection.
Unless the business will allow updating "bad" regexes on a daily basis and support someone to research new attacks regularly, this approach will be obviated before long.
Rather than accept or reject input, another option is to change the user input into an acceptable format. Any characters that are not part of an approved list can be removed, encoded or replaced.
Some documentation and references interchangeably use the various meanings, which is very confusing to all concerned.
This confusion directly causes continuing financial loss to the organization.
For example, if you use HTML entity encoding on user input before it is sent to a browser, it will prevent most XSS attacks.
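The sketch below is an added example, not code from the original page. It shows the three sanitizing options named above (remove, encode, replace) applied against an approved character list, next to HTML entity encoding at output time. The approved list, the function names and the sample string are assumptions made for illustration.

```python
import html
import string

# Assumption: the approved list is ASCII letters, digits, space and a little punctuation.
APPROVED = frozenset(string.ascii_letters + string.digits + " .,-_")
MODES = ("remove", "encode", "replace")


def sanitize(value: str, mode: str = "remove", placeholder: str = "_") -> str:
    """Bring input into an acceptable format using an approved character list."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode!r}")
    out = []
    for ch in value:
        if ch in APPROVED:
            out.append(ch)                # approved characters pass through unchanged
        elif mode == "encode":
            out.append(f"&#{ord(ch)};")   # numeric HTML character reference, reversible
        elif mode == "replace":
            out.append(placeholder)       # lossy: original character is gone
        # mode == "remove": drop the character entirely (also lossy)
    return "".join(out)


def render_comment(user_input: str) -> str:
    """Entity-encode at output time, just before the value is sent to the browser."""
    return f"<p>{html.escape(user_input, quote=True)}</p>"


# Constructed sample input containing markup and special characters.
SAMPLE = 'Ann <b>"hi"</b> & bye'

if __name__ == "__main__":
    for mode in MODES:
        print(f"{mode:8} -> {sanitize(SAMPLE, mode)}")
    print(f"render   -> {render_comment(SAMPLE)}")
```

Removing and replacing both destroy the original value, while encoding keeps it recoverable and still leaves no raw markup characters in the output.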