diff --git a/src/Umbraco.Core/StringExtensions.cs b/src/Umbraco.Core/StringExtensions.cs
index 13cb906786..9c230f56ff 100644
--- a/src/Umbraco.Core/StringExtensions.cs
+++ b/src/Umbraco.Core/StringExtensions.cs
@@ -63,6 +63,19 @@ namespace Umbraco.Core
 return mName;
 }
+ ///
+ /// Cleans string to aid in preventing xss attacks.
+ ///
+ ///
+ ///
+ internal static string CleanForXss(this string input)
+ {
+ //remove any html
+ input = input.StripHtml();
+ //strip out any potential chars involved with XSS
+ return input.ExceptChars(new HashSet("*?(){}[];:%<>/\\|&'\"".ToCharArray()));
+ }
+
 public static string ExceptChars(this string str, HashSet toExclude)
 {
 var sb = new StringBuilder(str.Length);
diff --git a/src/Umbraco.Web.UI/umbraco/developer/Xslt/xsltChooseExtension.aspx b/src/Umbraco.Web.UI/umbraco/developer/Xslt/xsltChooseExtension.aspx
index 2540c5290a..0700ee1c91 100644
--- a/src/Umbraco.Web.UI/umbraco/developer/Xslt/xsltChooseExtension.aspx
+++ b/src/Umbraco.Web.UI/umbraco/developer/Xslt/xsltChooseExtension.aspx
@@ -14,7 +14,7 @@ result = result.substring(0, result.length - 2);
 result = result + ")";
- document.location = 'xsltInsertValueOf.aspx?objectId=<%=Request.GetCleanedItem("objectId")%>&value=' + result;
+ document.location = 'xsltInsertValueOf.aspx?objectId=<%=Request.CleanForXss("objectId")%>&value=' + result;
 }
diff --git a/src/Umbraco.Web.UI/umbraco/developer/Xslt/xsltInsertValueOf.aspx b/src/Umbraco.Web.UI/umbraco/developer/Xslt/xsltInsertValueOf.aspx
index 4a206a04b2..576cd6dff2 100644
--- a/src/Umbraco.Web.UI/umbraco/developer/Xslt/xsltInsertValueOf.aspx
+++ b/src/Umbraco.Web.UI/umbraco/developer/Xslt/xsltInsertValueOf.aspx
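Review bot: CleanForXss is a lossy deny-list filter rather than an encoder: ExceptChars deletes `/`, `:`, `?`, `&` and the rest of the listed set outright, so a value that legitimately contains them (a virtual path, a MIME type, a query fragment) comes back silently altered and a caller cannot tell a cleaned value from the original. The summary should say so, e.g. `/// Strips HTML and a fixed set of characters; lossy, intended for short identifier-like values (aliases, ids), and not a substitute for HTML/JS/URL encoding at the point of output.` Whether StripHtml accepts a null input is not visible here; if it does not, a leading `if (string.IsNullOrEmpty(input)) return input;` would keep the `?? fallback` pattern used by the FeedProxy caller in this commit meaningful. Reassigning the `input` parameter is also easily avoided with a local, `var stripped = input.StripHtml();`.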
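Review bot: The cleaned value is written raw into both a JavaScript string literal and a query string on the `+` line, so correctness rests entirely on the character deny-list in CleanForXss; as far as this commit shows, that list does not cover line breaks, and the URL value is not encoded at all. Encoding at the sink makes the page safe independently of the filter: `objectId=<%=HttpUtility.UrlEncode(Request.CleanForXss("objectId"))%>` here, and `HttpUtility.JavaScriptStringEncode(...)` wherever the value sits inside a quoted JS string. The same applies to the xsltInsertValueOf.aspx, create.aspx, moveOrCopy.aspx, sort.aspx and umbracoField.aspx hunks below. The enclosing script function starts before this hunk.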
@@ -14,13 +14,13 @@ result = '';
 UmbClientMgr.contentFrame().focus();
- UmbClientMgr.contentFrame().UmbEditor.Insert(result, '', '<%=Request.GetCleanedItem("objectId")%>');
+ UmbClientMgr.contentFrame().UmbEditor.Insert(result, '', '<%=Request.CleanForXss("objectId")%>');
 UmbClientMgr.closeModalWindow();
 }
 function getExtensionMethod() {
- document.location = 'xsltChooseExtension.aspx?objectId=<%=Request.GetCleanedItem("objectId")%>';
+ document.location = 'xsltChooseExtension.aspx?objectId=<%=Request.CleanForXss("objectId")%>';
 }
 function recieveExtensionMethod(theValue) {
diff --git a/src/Umbraco.Web.UI/umbraco/dialogs/create.aspx b/src/Umbraco.Web.UI/umbraco/dialogs/create.aspx
index 17b231f923..686c781386 100644
--- a/src/Umbraco.Web.UI/umbraco/dialogs/create.aspx
+++ b/src/Umbraco.Web.UI/umbraco/dialogs/create.aspx
@@ -34,14 +34,14 @@
 }
 function onNodeSelectionConfirmed() {
- document.location.href = 'create.aspx?nodeType=<%=Request.GetCleanedItem("nodeType")%>&app=<%=App%>&nodeId=' + document.getElementById('nodeId').value
+ document.location.href = 'create.aspx?nodeType=<%=Request.CleanForXss("nodeType")%>&app=<%=App%>&nodeId=' + document.getElementById('nodeId').value
 }
- " />
+ " />
- " />
- " />
+ " />
+ " />
diff --git a/src/Umbraco.Web.UI/umbraco/dialogs/moveOrCopy.aspx b/src/Umbraco.Web.UI/umbraco/dialogs/moveOrCopy.aspx
index 683b940f99..43f17f096b 100644
--- a/src/Umbraco.Web.UI/umbraco/dialogs/moveOrCopy.aspx
+++ b/src/Umbraco.Web.UI/umbraco/dialogs/moveOrCopy.aspx
@@ -16,9 +16,9 @@ if (id > 0) umbraco.presentation.webservices.CMSNode.GetNodeName('<%=umbracoUserContextID%>', id, updateName); else{
- //document.getElementById("pageNameContent").innerHTML = "'<%=umbraco.ui.Text(Request.GetCleanedItem("app"))%>' <%= umbraco.ui.Text("moveOrCopy","nodeSelected") %>";
+ //document.getElementById("pageNameContent").innerHTML = "'<%=umbraco.ui.Text(Request.CleanForXss("app"))%>' <%= umbraco.ui.Text("moveOrCopy","nodeSelected") %>";
- jQuery("#pageNameContent").html("<%=umbraco.ui.Text(Request.GetCleanedItem("app"))%> <%= umbraco.ui.Text("moveOrCopy","nodeSelected") %>");
+ jQuery("#pageNameContent").html("<%=umbraco.ui.Text(Request.CleanForXss("app"))%> <%= umbraco.ui.Text("moveOrCopy","nodeSelected") %>");
 jQuery("#pageNameHolder").attr("class","success");
 }
 }
@@ -59,7 +59,7 @@ -
diff --git a/src/Umbraco.Web.UI/umbraco/dialogs/sort.aspx b/src/Umbraco.Web.UI/umbraco/dialogs/sort.aspx
index 915d480366..b6d2014fea 100644
--- a/src/Umbraco.Web.UI/umbraco/dialogs/sort.aspx
+++ b/src/Umbraco.Web.UI/umbraco/dialogs/sort.aspx
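Review bot: The commented-out `//document.getElementById("pageNameContent").innerHTML = ...` line is dead code that the rename is now maintaining; delete it instead of keeping it in sync. On the live line the result of `umbraco.ui.Text(Request.CleanForXss("app"))` is placed inside a JS string and then rendered with `.html()`; unless the localized text is meant to carry markup, `.text()` with `HttpUtility.JavaScriptStringEncode` around the `<%= %>` expression is the safer shape. What ui.Text returns for an alias that is not a known dictionary key is not visible in this hunk. The enclosing function starts before the hunk.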
@@ -72,8 +72,8 @@ submitButton: jQuery("#submitButton"),
 closeWindowButton: jQuery("#closeWindowButton"),
 dateTimeFormat: "<%=CultureInfo.CurrentCulture.DateTimeFormat.ShortDatePattern%> <%=CultureInfo.CurrentCulture.DateTimeFormat.ShortTimePattern%>",
- currentId: "<%=Request.GetCleanedItem("ID")%>",
- serviceUrl: "<%= IOHelper.ResolveUrl(SystemDirectories.Umbraco)%>/WebServices/NodeSorter.asmx/UpdateSortOrder?app=<%=Request.GetCleanedItem("app")%>"
+ currentId: "<%=Request.CleanForXss("ID")%>",
+ serviceUrl: "<%= IOHelper.ResolveUrl(SystemDirectories.Umbraco)%>/WebServices/NodeSorter.asmx/UpdateSortOrder?app=<%=Request.CleanForXss("app")%>"
 });
 sortDialog.init();
diff --git a/src/Umbraco.Web.UI/umbraco/dialogs/umbracoField.aspx b/src/Umbraco.Web.UI/umbraco/dialogs/umbracoField.aspx
index 89999a5977..49540b3aad 100644
--- a/src/Umbraco.Web.UI/umbraco/dialogs/umbracoField.aspx
+++ b/src/Umbraco.Web.UI/umbraco/dialogs/umbracoField.aspx
@@ -14,7 +14,7 @@ submitButton: $("#submitButton"),
 form: document.forms[0],
 tagName: document.forms[0].<%= tagName.ClientID %>.value,
- objectId: '<%=Request.GetCleanedItem("objectId")%>'
+ objectId: '<%=Request.CleanForXss("objectId")%>'
 });
 umbracoField.init();
 });
diff --git a/src/Umbraco.Web.UI/umbraco/plugins/tinymce3/insertMacro.aspx b/src/Umbraco.Web.UI/umbraco/plugins/tinymce3/insertMacro.aspx
index 0e935b4ed5..b6017824f4 100644
--- a/src/Umbraco.Web.UI/umbraco/plugins/tinymce3/insertMacro.aspx
+++ b/src/Umbraco.Web.UI/umbraco/plugins/tinymce3/insertMacro.aspx
@@ -106,8 +106,8 @@
 " />
 <%if (Request["umb_macroID"] != null || Request["umb_macroAlias"] != null) {%>
- " />
- " />
+ " />
+ " />
 <% }%>
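Review bot: `currentId: "<%=Request.CleanForXss("ID")%>"` handles a numeric node id as free text, so character stripping can turn an invalid id into a different-looking value instead of rejecting it. Parsing it in the code-behind with `int.TryParse` and emitting the integer makes the intent explicit and leaves nothing to filter; likewise the `app` value in serviceUrl is an application alias that can be checked against the known aliases, as create.aspx.cs does in this commit, rather than character-stripped. The object literal begins before the hunk.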
diff --git a/src/Umbraco.Web/HttpRequestExtensions.cs b/src/Umbraco.Web/HttpRequestExtensions.cs
index 5a71348c2a..e700f96571 100644
--- a/src/Umbraco.Web/HttpRequestExtensions.cs
+++ b/src/Umbraco.Web/HttpRequestExtensions.cs
@@ -17,13 +17,10 @@ namespace Umbraco.Web
 ///
 ///
 ///
- public static string GetCleanedItem(this HttpRequest request, string key)
+ public static string CleanForXss(this HttpRequest request, string key)
 {
 var item = request.GetItemAsString(key);
- //remove any html
- item = item.StripHtml();
- //strip out any potential chars involved with XSS
- return item.ExceptChars(new HashSet("(){}[];:%<>/\\|&'\"".ToCharArray()));
+ return item.CleanForXss();
 }
 ///
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs
index 8317f8ab5d..a938935d2b 100644
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs
@@ -1,4 +1,5 @@
 using Umbraco.Core.Logging;
+using Umbraco.Web;
 namespace dashboardUtilities
 {
@@ -32,10 +33,10 @@ namespace dashboardUtilities
 {
 var response = client.DownloadString(requestUri);
- if (!string.IsNullOrEmpty(response))
+ if (string.IsNullOrEmpty(response) == false)
 {
 Response.Clear();
- Response.ContentType = Request.QueryString["type"] ?? MediaTypeNames.Text.Xml;
+ Response.ContentType = Request.CleanForXss("type") ?? MediaTypeNames.Text.Xml;
 Response.Write(response);
 }
 }
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Macros/assemblyBrowser.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Macros/assemblyBrowser.aspx.cs
index de7dbd62f7..b58dbc3836 100644
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Macros/assemblyBrowser.aspx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Macros/assemblyBrowser.aspx.cs
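Review bot: Renaming the public extension `GetCleanedItem` to `CleanForXss` removes a public API with no forwarding member, so any package or site code compiled against GetCleanedItem breaks at load time. Keeping a shim costs one member: `[Obsolete("Use CleanForXss")] public static string GetCleanedItem(this HttpRequest request, string key) { return request.CleanForXss(key); }`. The delegated string overload also strips `*` and `?`, which the removed request-side set did not, so the XML summary kept as context above this hunk should mention the widened set and that the result is lossy. Whether GetItemAsString returns null for a missing key, and therefore whether `item.CleanForXss()` can throw, is not visible here.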
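Review bot: `Request.CleanForXss("type") ?? MediaTypeNames.Text.Xml` cannot yield a usable content type: CleanForXss removes `/`, so text/xml becomes textxml, and if GetItemAsString returns an empty string for a missing parameter the `??` fallback never fires and ContentType is set to an empty string. A header that must be one of a few known values is better handled by an allow-list than by character stripping, e.g. `var type = Request.QueryString["type"];` followed by `Response.ContentType = type != null && allowedTypes.Contains(type) ? type : MediaTypeNames.Text.Xml;` where `allowedTypes` (a constructed name) is a static set of the types the dashboard feeds actually use — only text/xml is visible here. The `== false` form matches the style used in create.aspx.cs in this commit and is fine. The enclosing method starts before the hunk.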
@@ -14,6 +14,7 @@ using System.Collections.Specialized;
 using Umbraco.Core;
 using Umbraco.Core.IO;
 using Umbraco.Core.Models;
+using Umbraco.Web;
 using Umbraco.Core.PropertyEditors;
 using umbraco.BusinessLogic;
 using System.Collections.Generic;
@@ -43,7 +44,7 @@ namespace umbraco.developer
 if (Request.QueryString["type"] == null)
 {
 isUserControl = true;
- var fileName = Request.QueryString["fileName"];
+ var fileName = Request.CleanForXss("fileName");
 if (!fileName.StartsWith("~"))
 {
 if (fileName.StartsWith("/"))
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/create.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/create.aspx.cs
index 761c9cbe2c..a3da4846b3 100644
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/create.aspx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/create.aspx.cs
@@ -38,7 +38,7 @@ namespace umbraco.dialogs
 {
 if (_app == null)
 {
- _app = Request.GetCleanedItem("app");
+ _app = Request.CleanForXss("app");
 //validate the app
 if (BusinessLogic.Application.getAll().Any(x => x.alias.InvariantEquals(_app)) == false)
 {
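Review bot: `Request.CleanForXss("fileName")` strips `/` and `\`, so the `fileName.StartsWith("/")` branch two lines below can never be taken and any usercontrol path with a folder component loses its separators before it is resolved; a path is the wrong kind of input for a character filter. Validate instead of strip: keep the raw query value, apply the existing `~`/`/` mapping, and reject the request unless the resolved physical path lies inside the expected usercontrols directory. The null case is unchanged by the commit but still unguarded — if GetItemAsString returns null for a missing key, `fileName.StartsWith` throws, which cannot be confirmed from here. The enclosing method starts before the hunk and continues after it.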