Do check all web-based input for validity and trustworthiness.
Do HTML encode all output originating from user input.
Do not echo web-based input without checking for validity first.
Do not store sensitive data in cookies.
Consider using as many extra defenses as possible.
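
The first three rules combined in one request handler, as an added example that is not part of the original checklist. The field names, the allow-list patterns and the `render` function are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Allow-list rules per field (constructed for this example).
# A value that does not match its rule in full is rejected.
RULES = {
    "user": re.compile(r"[A-Za-z0-9_]{1,32}"),
    "page": re.compile(r"[0-9]{1,4}"),
}


def validate(query_string):
    """Return (clean, errors) for a raw query string."""
    clean, errors = {}, []
    fields = parse_qs(query_string, keep_blank_values=True)
    for name, values in fields.items():
        rule = RULES.get(name)
        if rule is None:
            # Unknown field: report it without repeating its name or value.
            errors.append("unexpected field")
        elif len(values) != 1 or not rule.fullmatch(values[0]):
            # Repeated or malformed value; name is a known key, safe to log.
            errors.append("invalid value for " + name)
        else:
            clean[name] = values[0]
    return clean, errors


def render(query_string, comment):
    """Build an HTML fragment from validated fields and a free-text comment."""
    clean, errors = validate(query_string)
    if errors or "user" not in clean:
        # Do not echo rejected input back to the browser.
        return "<p>Invalid request.</p>"
    # Free text cannot be allow-listed tightly, so it is encoded on output.
    # Validated values are encoded too, as an extra defense.
    return "<p>{} wrote: {}</p>".format(
        html.escape(clean["user"], quote=True),
        html.escape(comment, quote=True),
    )
```

`html.escape` covers HTML element content and quoted attribute values; output placed inside script blocks, URLs or style sheets needs the encoding for that context instead.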