aleksl - 9:59 pm on Dec 12, 2011 (gmt 0)
Actually, no, I don't mix apples and oranges. We were attacked on a search field (built by a vendor, BTW), and on a customer service form with a text area just like this one on the forum.
Obviously my code does specific filtering at field levels in the actual application itself.
That is what I was referring to when I said "extensive and expensive". Because you have to build this infrastructure in, so if it isn't already present it is an extensive application mod (granted that it is an application and not 10 scripts, a template and 100 zillion pages of content).
I agree that some blackbox testing should be available.