Summary
Because of XSS bugs, Web input is dangerous, especially for your users and your reputation. Don't trust any input from the user; always look for well-formed data, and reject everything else. If you are paranoid, you should consider adding extra defensive mechanisms to your Web pages. Don't just focus on dynamic Web content; you should review all HTML and HTML-like files for XSS bugs.