ASP.NET Security

However, I find several cases where the application team deviates from having this directive set to true for some business reasons. For eg. there is a rich text box in the web page which must allow any kind of input data. …

See the original post here:
Mitigating XSS Attacks in ASP.NET Apps