>>Easy to say than do :) Though you can just test each Request. I played with this suggestion already, but I noticed slowness and also couple of our pages started to re-direct, so I removed some strings from the tested input...
>
>Then just do not allow these chars to be typed?
Not sure it would be easy using Regular Expressions validators, but we may play with this as well.
If it's not broken, fix it until it is.
My Blog