It's general error overlooked by developers, that while coding a general text box is given for entering the user details to the form, but its not taken care that, what if user enters the HTML tags into the text box.