This is really interesting, because if you type <script>alert('somebody was here!');</script> in the browser, the ASP.NET will automatically validate the request. HttpRequest.get_QueryString() will be called and then HttpRequest.ValidateString which will thrown an error.
You can additionally protect the website by using some client side validation on the TextBox control inside Sitefinity/ControlTemplates/Search/SearchBox.ascx
the Telerik team
Do you want to have your say when we set our development plans?
Do you want to know when a feature you care about is added or when a bug fixed?
Telerik Public Issue Tracking
system and vote to affect the priority of the items