I'm slowly but surely working on a site using ASP.NET MVC which will contain a bunch of user-generated content, such as submitted links, comments, markers on a map etc.
I need to know what stuff I need to be mindful of when coding.
Examples are scrubbing user inputs for HTML strings like the script tag, and protecting against SQL injection attacks.
What other key things do I need to be cautious of when considering user input?
Also, are there any readily available algorithms to scrub (and deny) inputs for rude words / porn links etc?
Additionally, what's the best way to do moderation? I'm a lone developer doing this in my spare time, so I can't afford to be a full-time moderator, and I'd prefer to implement self-moderation for the users. Does this work well?
If I were to want a forum, how important is it that I moderate forum posts, and can they be self-moderating?
How much professional moderation is required in StackOverflow for example?
Thanks for any input.