Good article, it addresses a problem that is overlooked way too often. From the article...

The key to solving cross-site scripting attacks is to never, ever trust data that comes from the web browser. Any input data should be considered guilty unless proven innocent.

Couldn't have said it better myself. For more information on the subject consult Essential CGI Security Practices :)