Tip of the Day #18: Storing User Input in XML

If you are going to dump user-generated input into XML, please remember to escape it appropriately. For example, the ampersand has special meaning in XML and you must escape it, e.g. & becomes &amp;.

1 Comment

  1. barryd says:

    Actually it depends where you store it. If it's in an attribute the rules can be different. Luckily a little project called AntiXSS has XmlEncode and XmlAttributeEncode already done for you … :) Or you can be boring and use an XMLTextWriter.
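To illustrate both the tip and the comment above, here is an added example (not code from the original post or from AntiXSS) that contrasts raw interpolation, element-text escaping, attribute escaping and a library writer; the sample input is constructed.

```python
# Added example (not from the original post): escaping user input for XML
# element text vs. attribute context, and the writer-based alternative.
from xml.sax.saxutils import escape, quoteattr
import xml.etree.ElementTree as ET

# Constructed sample input containing every character that matters here.
USER_INPUT = 'Tom & Jerry <"best" friends>'

def naive_element(text):
    """Unsafe: raw user input interpolated into element content."""
    return "<name>%s</name>" % text

def escaped_element(text):
    """escape() handles &, < and >, which is enough for element text."""
    return "<name>%s</name>" % escape(text)

def escape_only_attribute(text):
    """Wrong for attributes: escape() leaves the quote character alone."""
    return '<user name="%s"/>' % escape(text)

def escaped_attribute(text):
    """quoteattr() escapes quotes too and picks the delimiter itself."""
    return "<user name=%s/>" % quoteattr(text)

def writer_element(text):
    """Let the XML library build the node; it escapes per context."""
    el = ET.Element("user", name=text)
    el.text = text
    return ET.tostring(el, encoding="unicode")

def parses(xml_str):
    """True when the fragment is well-formed XML, False otherwise."""
    try:
        ET.fromstring(xml_str)
        return True
    except ET.ParseError:
        return False

def round_trip_text(xml_str):
    """Element text as a parser reads it back."""
    return ET.fromstring(xml_str).text

def round_trip_attr(xml_str):
    """The 'name' attribute as a parser reads it back."""
    return ET.fromstring(xml_str).get("name")

if __name__ == "__main__":
    for fn in (naive_element, escaped_element, escape_only_attribute,
               escaped_attribute, writer_element):
        print(fn.__name__, parses(fn(USER_INPUT)))
```

The two "wrong" variants fail to parse; the three escaped forms parse and return the original input unchanged.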
