XSS filtering on output... is that OK?

Question

I'm planning to run XSS filtering on output only so no matter what I still have the original data.

I'm using parameterized queries so I guess I'm immune against SQL injections.

What do you guys think of this approach?

I think it's great, but maybe you should turn this into more of a specific question. What do you guys think is not a question, try to address what you're worried about at least. It sounds like you may be on the right path. — Wesley Murch, Jan 15 '12 at 06:55
@Madmartigan I wish I can be more specific but I'm just afraid I'm missing something crucial that I'm not aware of. — oaziz, Jan 15 '12 at 07:01

score 2 · Accepted Answer · edited May 23 '17 at 12:12

2

XSS filtering on output… is that OK?

Yes.

I'm using parameterized queries so I guess I'm immune against SQL injections.

Not entirely. See this my answer for the details

edited May 23 '17 at 12:12

Community

answered Jan 15 '12 at 07:19

Your Common Sense

1 Answers1