Delete comment from: Jeremiah Grossman

Jeremiah Grossman said...

Both regex's take special characters and convert them into HTML entities. Basically so the dat can't execute as HTML.

Oct 29, 2007, 4:50:00 PM

Posted to Input validation or output filtering, which is better?