Do you still believe input validation is enough to fix Cross Site Scripting (XSS)? Billy Hoffman said it best at Schmoocon 2007 (4 years ago!!!) in his talk “JavaScript Malware for a Grey Goo Tomorrow” (fast forward to Q & A, minute 51:45): Person in the audience asks: “You said that AJAX doesn’t really change …