Ars Technica

Saving/encoding free-form text from webapp in URI?

I have a web application that allows the user to enter a query that gets sent to a backend server for processing. I would like to give the ability to link to this webapp such that the query is ...
Network World

IE URI encoding behavior facilitates XSS attacks, researchers say

An inconsistency in how Microsoft’s Internet Explorer (IE) encodes double quotes in URIs (uniform resource identifiers) can facilitate cross-site scripting (XSS) attacks, researchers from security ...