I am trying to prevent cross site scripting and I am told I need to filter metacharacters from user input.
I am using IIS 7.5 and It seams this should be done in the default site > request filtering section. I get to" request filtering > rules > Add filtering rule", I check "Scan query string" and give the rule a name but I am lost from there. I assume I add to the deny strings section and add the meta characters but do I add one to each line, all in one line or what.
Any help will be greatly appreciated.