Improper input validation in Web Applications undermines their security and this may have disastrous consequences for the users. Input data can or cannot be harmful depending on how they are used with regard to the interactions with the clients and the accessed sensitive resources (e.g. databases and files). Existing application frameworks cannot guarantee safe input sanitization with respect to all vulnerabilities. Also, when legacy code is incorporated that was not originally written for the Web, its security hardening is costly and error-prone. We propose a reference monitor inlining approach that treats input injection vulnerabilities as a crosscutting concern. Our monitors enforce high-level security policies for taint propagation control, by weaving checks and repair actions into the untrusted code. Taint policies are specified into JavaMOP, a programming framework for generating runtime monitors, which are weaved into the application through the automated Aspect Oriented Programming process. When monitor design is guided by preliminary static taint analysis, the incurred overhead can be reduced. Further improvements are feasible through JavaMOP's optimizations. As a proof of concept, we present the design and experimental validation of inlined monitors against SQL injection and cross-site scripting attacks.