PL/SQL / javascript injection - checking for

Hello everyone,

We are using 9iR2 with mod_plsql.

One of the security risks is javascript injection - where script is appended to the URL

Can anyone point to any useful links where this has been discussed within the mod_plsql world?

In essence, one needs to check (I think) every incoming parameter for the presence of any suspect code and, naturally, I'd like to avoid reinventing  the wheel if at all possible...

cheers

-- 
jeremy



 ============================================================

   ENVIRONMENT:                                             
   Oracle 9iR2 / Oracle HTTP Server / mod_plsql / Solaris 8 


 ============================================================