The built-in Request Validation feature in .NET 4.0 can help protect your EPiServer sites from Cross Site Scripting (XSS) attacks.
Here is how you can use Web API in an EPiServer CMS 7 MVC project with dependency injection in the API controllers.
I ran into this problem while I was working on an EPiServer solution at work some time ago. The website had a control that generated links for different language branches in the solution. The control read a query string parameter from the current url to generate the links. It also cached all the links when done. All well so far. When a user visited the site, the control checked if the list of links where in the cache, and if so, served them out to the user.
After having spent a bit og time trying to figure out why IFrame-based Google custom Search didn't display properly, I finally found the solution. And ohh so simple it can be sometimes....