What is the way(best practice) to deal with XSS?

Question

I am using ASP.NET and on ASP.NET page has validate attribute which checks for the XSS validations. However i would like to know that is it really sufficient ?

I hav

Answer 1

Check it out: Allowing HTML and Preventing XSS @ shiflett.org

Answer 2

These are the basics:

• Do not allow HTML input
• Always html encode input when displaying it
• Use the AntiXSSLibrary from Microsoft, or a similar library