When using a combo box, that would display a value and the value is something like <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>, what is the best way to filter or encode this so that it doesn't break the combo box?
The velow is an image link to what the issue looks like.