Is there a way to filter out the html event handlers and other scripts from the query string

Aug 5, 2011 at 9:49 AM

I would like to have my Query String of my URL sane as i sent it with ways to prevent the user from attempting an attack by setting some content like " onmouseout=prompt(456464)"  as the value for the name value collection in my query string. 

Does this library take care of this too.. else is there a work around..

Aug 5, 2011 at 2:23 PM

It's not something either the SRE or AntiXSS does, and I don't see any useful way to do it - those could be legitimate, and if you encode that input correctly it's not going to actually work.