Hello.

I've just finished creating a proxy script that allows access to the Yahoo Content Analysis API Term Extraction service from any browser, bypassing cross-site scripting issues. It works by taking a POST request, forwarding it to Yahoo, and returning the XML response. The code (Perl) is included in the post, and I've successfully tested it with IE6, IE7, and Firefox. Feel free to email me if you have any questions.

I've been pondering an ASP.Net security concern: while it blocks potentially harmful querystring characters by default, turning this off puts the onus of validation on developers. I'm exploring the idea of a declarative approach to query parameter validation, where developers define predicates (like data types) for expected parameters within the Page Class definition itself. This could simplify validation and ensure data is HTML-safe before reaching the developer. This would streamline validation compared to using custom validators. I'm considering the benefits and implementation details of such an approach.