Hello, I have huge application written in ZendFramework. Earlier everything was fine. As for now it was redesigned and received a lot of new functionalities and options, but I have to defend this software from xss. Variables are taken from a couple sources (webform, Webservices, api, etc.), some of them should be escaped, some not. What do you think, what will be the best method to defend my website, without editing all (2 000 +) files and escaping all echo's ?