In the traditional .netFramework, to a ceratin extent, the ValidateRequest takes care of sanitizing input. Proper Server side validations make it double safe. However,when I post data to server using JQuery/Jtemplate AJAX, I can add client side Validation, but in the worst condition that can be bypassed/compromised. I usually try to sanitize data, on server, using the following few guidelines.
— Check if any relevant Session is active.
— Use strong dataTypes, if you can, for the input parameters in the WebMethod.
Say I use ‘int’ data type as an input parameter , then I can do a int.Parse(incomingData) & throw the exception. Similarly for dateTime,float etc.
— Use SQLParameter (preferably Stored procedures) which tells SQL Server to interpret the incoming value as plain text & not a SQL command.
— Use HtmlEncode for incoming plain text. You may use regex to get rid of html synatax if you are sure that incoming data should not contain any html tags.
Hope this was usefull. Thanks for reading.