It is clear that script injection is a big concern to the
developers and to protect our pages from the hand of hackers we should not
consider only request validation, but also should not forget to use HtmlEncode wherever
applicable. It should be noted that we can disable request validation on a
page-b, we should use proper numeric validation, range validation and avoiding
some characters such as "*", "%", "@", or
"!" in order to prevent script injection.