 
Many applications employ input filtering and validation mechanisms that black-list characters. For example, an application may not want to accept <script> tags to avoid vulnerabilities such as Cross-Site Scripting (XSS). Although such black-listing mechanisms are insufficient by themselves, when implemented, validation must be performed after normalizing the input.
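The ordering described above, as an added example that is not part of the original page: a black-list check applied to the raw value next to the same check applied after canonicalization. The function names, the choice of decoders (percent-decoding and Unicode NFKC) and the sample inputs are assumptions made for illustration; a real validator should apply the decoders its own downstream components apply.

```python
import unicodedata
from urllib.parse import unquote

BLOCKED = ("<script",)  # the black-listed token from the text

def canonicalize(value: str, max_rounds: int = 5) -> str:
    """Decode until the value stops changing, then case-fold it.

    Assumed decoders: percent-decoding and NFKC normalization.
    Raises ValueError if no fixed point is reached, so deeply nested
    encodings are rejected instead of being partially decoded.
    """
    for _ in range(max_rounds):
        decoded = unicodedata.normalize("NFKC", unquote(value))
        if decoded == value:
            return decoded.casefold()
        value = decoded
    raise ValueError("no canonical form within max_rounds")

def naive_is_allowed(raw: str) -> bool:
    """Weak ordering: black-list check on the input as received."""
    return not any(token in raw.lower() for token in BLOCKED)

def is_allowed(raw: str) -> bool:
    """Corrected ordering: normalize first, then run the same check."""
    try:
        canonical = canonicalize(raw)
    except ValueError:
        return False  # fail closed when the input cannot be canonicalized
    return not any(token in canonical for token in BLOCKED)

# Constructed sample inputs (not taken from the page).
SAMPLES = {
    "plain": "<script>",
    "percent-encoded": "%3Cscript%3E",
    "double-encoded": "%253CScRiPt%253E",
    "fullwidth brackets": "\uff1cscript\uff1e",
    "benign": "hello%20world",
}

def compare(samples=SAMPLES):
    """Return {label: (naive verdict, normalized verdict)}."""
    return {k: (naive_is_allowed(v), is_allowed(v)) for k, v in samples.items()}

if __name__ == "__main__":
    for label, (naive, normalized) in compare().items():
        print(f"{label:20} naive={naive!s:5} after-normalization={normalized}")
```

Every encoded variant passes the raw check and is rejected once the input is normalized first. The black-list itself remains only one layer, as the text notes.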
...