Did you know that ASP.NET v1.1 automatically checks for possible scripting attacks when users enter info into you forms? I didn’t! I learned it in my prep for my DevDays session.
(with Errors =”Off” in web.config) results in this: (click to enlarge)
This protection is on by default. It is controlled in a few places. See this article on Microsoft’s ASP.NET site for more details.