Some time ago, Mark Pilgrim wrote about the problems of checking XML validity in web clients. I’ve only just come across his post, and I have to disagree, at least in part.

He points out that bad things happen if someone adds invalid XML to your page via a comment form. This is true, of course. However, the correct thing to do would be to prevent people from posting invalid XML in the first place. The web application, in this case, is the client (it is receiving XML from another machine), and therefore it should check the validity before posting it. Unless you’re completely stark raving mad, you’re checking the contents of incoming comments anyway (automatically, manually, or both), because otherwise you get hundreds of viagra adverts and cross-site scripting attacks. Why should you block those but allow badly formed XML that would be just as certain to cause problems for you and your readers?
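To make the point concrete, here is what such a server-side check looks like when it sits beside the spam and XSS filtering a comment form already does. This is an added example and not part of the original post; it assumes comments are XHTML fragments, and the function names, the wrapper element and the allowed-tag and allowed-attribute lists are hypothetical choices for the illustration.

```python
"""Reject ill-formed XML (and unwanted markup) in submitted comments
before they are stored or served to readers.

Added example, not from the original post. Assumes comments are XHTML
fragments; `check_comment`, `_WRAPPER`, `ALLOWED_TAGS` and
`ALLOWED_ATTRS` are hypothetical names chosen for this illustration.
"""
import xml.etree.ElementTree as ET

# A fragment may be bare text or several sibling elements, so it is
# wrapped in a single root to parse it as one XML document. Because an
# XML document has exactly one root, a comment cannot "close" the
# wrapper and inject a second document, a DOCTYPE (and with it entity
# declarations) or an XML declaration: expat rejects all of those when
# they appear after the root element has opened.
_WRAPPER_OPEN = "<comment>"
_WRAPPER_CLOSE = "</comment>"

# Markup we are prepared to serve back to readers (hypothetical policy).
ALLOWED_TAGS = {"p", "em", "strong", "a", "code", "pre", "blockquote"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
ALLOWED_URL_SCHEMES = ("http://", "https://")


def is_well_formed_fragment(fragment: str) -> tuple[bool, str]:
    """Return (True, "") if the fragment is well-formed XML, else (False, reason).

    Note that HTML-only entities such as &nbsp; are undefined in XML and
    are therefore rejected here; that is the behaviour the post argues for.
    """
    try:
        ET.fromstring(_WRAPPER_OPEN + fragment + _WRAPPER_CLOSE)
    except ET.ParseError as exc:
        return False, str(exc)
    return True, ""


def check_comment(fragment: str) -> tuple[bool, str]:
    """Decide whether a submitted comment may be accepted.

    First the well-formedness check, then the same kind of markup
    allow-listing that already keeps script injection out of comments.
    """
    ok, reason = is_well_formed_fragment(fragment)
    if not ok:
        return False, "ill-formed XML: " + reason

    root = ET.fromstring(_WRAPPER_OPEN + fragment + _WRAPPER_CLOSE)
    for element in root.iter():
        if element is root:
            continue
        # Namespaced tags parse as "{uri}local" and so never match the list.
        if element.tag not in ALLOWED_TAGS:
            return False, f"disallowed element <{element.tag}>"
        allowed_attrs = ALLOWED_ATTRS.get(element.tag, set())
        for name, value in element.attrib.items():
            if name not in allowed_attrs:
                return False, f"disallowed attribute {name!r} on <{element.tag}>"
            if name == "href" and not value.lower().startswith(ALLOWED_URL_SCHEMES):
                return False, f"disallowed link target {value!r}"
    return True, ""


if __name__ == "__main__":
    # Constructed sample submissions, not real comments.
    samples = [
        "<p>Nice post, <em>thanks</em>.</p>",
        "Plain text with no markup",
        "<p>Unclosed paragraph",
        "<p>a &nbsp; b</p>",
        "<p>Look <script>alert(1)</script></p>",
        "<p>x</p></comment><comment><p>y</p>",
        '<a href="https://example.com/">a link</a>',
    ]
    for sample in samples:
        accepted, why = check_comment(sample)
        print("ACCEPT" if accepted else "REJECT", repr(sample), why)
```

Run as a script, the first two and the last sample are accepted; the unclosed paragraph, the HTML-only entity, the `<script>` element and the attempt to break out of the wrapper are all rejected with the parser's or the policy's reason, which is the feedback a commenter needs in order to fix their post.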