ubiquitin writes: Web application security researcher Arian Evans has posted previously unrelease details of Microsoft's.NET 1.1 string validation routines. This includes anti cross site scripting request validation routines as well as a more generic ValidateString method. Such disclosure is expedient for all appsec researchers wishing to find holes in.NET applications.
"If you want to eat hippopatomus, you've got to pay the freight."
-- attributed to an IBM guy, about why IBM software uses so much memory