Should we prevent XSS attacks for forms?

A few minutes ago I almost crashed one of the demo pages with a simple XSS script. The current validators make it possible to perform not only XSS but, in perspective, SQL injection too. To avoid these troubles, can we add regexp validation for String fields? Specifically, we need to prevent input of special symbols like “<>|”, or to escape them in the database presentation.
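As an added illustration (not code from the post or from OpenMRS), the following compares the two mitigations the post proposes: a regexp blacklist of `<>|` on the String field, and escaping the value when it is rendered. The field name `address1` and the sample values are constructed for the example.

```python
import html
import re

# Blacklist from the post: reject a value that contains '<', '>' or '|'.
BLACKLIST = re.compile(r"[<>|]")

# Characters that matter when a value lands inside an HTML attribute.
# Note that a quote or ampersand alone is enough to break out of the
# attribute, even though none of them is in the blacklist.
ATTRIBUTE_SENSITIVE = '<>"\'&'


def passes_blacklist(value: str) -> bool:
    """Return True if the input-validation approach would accept the value."""
    return BLACKLIST.search(value) is None


def blacklist_gaps() -> str:
    """Characters that are dangerous in an attribute but pass the blacklist."""
    return "".join(c for c in ATTRIBUTE_SENSITIVE if passes_blacklist(c))


def render_address_field(value: str) -> str:
    """Output-encoding approach: escape at render time for the attribute context.

    html.escape(quote=True) encodes & < > " and ', so the stored value can
    keep its original characters (e.g. an address like 'Smith & Sons').
    """
    return f'<input name="address1" value="{html.escape(value, quote=True)}">'


if __name__ == "__main__":
    # Constructed sample address containing legitimate special characters.
    sample = '12 "Main" St & Co'
    print("blacklist accepts:", passes_blacklist(sample))
    print("chars blacklist misses:", blacklist_gaps())
    print(render_address_field(sample))
```

Escaping at output keeps legitimate addresses intact and covers the attribute-breaking characters the blacklist misses, which is why validation alone is not a complete fix.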

It seems that in OpenMRS v1.11.x this bug was fixed ) link. But on the demo, v1.10.x is still deployed.

I have set up OpenMRS v1.11.x on my environment and tested it. The vulnerability in the name fields has been fixed, but the address field is still vulnerable and allows an XSS attack.

Of course, now the page does not crash :slight_smile: , but the vulnerability still exists. Tomorrow I will fix it )