Talk:HTML Injection

I don't agree on the Related Controls, the XSS prevention cheat sheet does not solve examples where e.g. content is given in parameters etc. Validation might work somewhat, but plaintext parameter values would be solved by refactoring and doing indirect references to content.