
How Do I Make My Data Safe To Be Displayed On A Web Page?

We use a text-based CRM system. This system we custom built, and it works fine for internal use. However, we are now going to be going live on the internet. The problem we have now is t

Solution 1:

You might want to consult the OWASP Cheat Sheet on Cross Site Scripting Prevention. It boils down to:

  • Being aware of the locations where you should not put untrusted data at all
  • Being aware of the different ways in which data should be escaped in the different kinds of locations where you can put untrusted data
  • Using whitelisting (escaping everything except specified safe characters) instead of blacklisting (only escaping specified unsafe characters)

(Read the entire document, though, rather than relying on this summary...)
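The three points in the answer above, sketched as an added example that is not part of the original answer: one allowlist encoder per output location, and a refusal for locations that have no encoder. The function names, context labels and the sample CRM value are constructed for illustration.

```javascript
// Added example (not from the original answer). Names and sample data are constructed.

// Allowlist core: ASCII letters and digits pass through unchanged;
// every other character is handed to the context's encoder.
function encodeAllowlist(value, encodeChar) {
  let out = "";
  for (const ch of String(value)) { // iterates by code point
    out += /^[A-Za-z0-9]$/.test(ch) ? ch : encodeChar(ch);
  }
  return out;
}

const ENCODERS = {
  // Element content and quoted attribute values: numeric character references.
  html: (ch) => "&#x" + ch.codePointAt(0).toString(16) + ";",
  // Inside a quoted JavaScript string literal: \uXXXX per UTF-16 code unit.
  "js-string": (ch) =>
    ch.split("").map((u) => "\\u" + u.charCodeAt(0).toString(16).padStart(4, "0")).join(""),
  // URL query parameter value: percent-encode each UTF-8 byte.
  "url-param": (ch) =>
    Array.from(new TextEncoder().encode(ch),
      (b) => "%" + b.toString(16).toUpperCase().padStart(2, "0")).join(""),
};

// Locations without an encoder (directly inside <script>, a tag name,
// an attribute name, ...) are refused rather than guessed at.
function encodeFor(context, value) {
  if (!Object.prototype.hasOwnProperty.call(ENCODERS, context)) {
    throw new Error("no safe encoding for context: " + context);
  }
  return encodeAllowlist(value, ENCODERS[context]);
}

// The same constructed CRM field value rendered into four locations.
function renderSample(note) {
  return [
    "<td>" + encodeFor("html", note) + "</td>",
    '<input value="' + encodeFor("html", note) + '">',
    "<script>var note = '" + encodeFor("js-string", note) + "';</script>",
    '<a href="/search?q=' + encodeFor("url-param", note) + '">find</a>',
  ].join("\n");
}

console.log(renderSample(`O'Brien <b>"VIP"</b> & Co`));
```

The HTML encoder is only safe for quoted attribute values and element content; the JavaScript encoder is only safe inside a quoted string literal.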
