Antixss decoding
-
Tuesday, June 26, 2012 12:42 PM
Hi,
I have a asp.net 3.5 application with at textbox that i enter a value <fef>@t<es>f.com I am trying to test a cross-side scripting attack.
I hit submit and let the page post back. once the page has completed post back. I do a view source and see that the greater than(>) sign is decoded but the lessthan(<) isnt. Can anyone help me solve this issue. I have referenced antixss 4.2.1 and using the 3.5 framework version antixss dll. I know in 4.0 and i have tested that we have to add httpruntime keys for antixss and the issue is resolved. and it looks good. But again in 3.5 same issue. Is there something i am missing?? Thanks is advanced for any responses
Cheers
All Replies
-
Monday, July 16, 2012 10:38 PMModerator
In 3.5 you will need to call AntiXSS directly when setting properties on asp.net controls; for example
control.Text = Microsoft.Security.Application.AntiXss.HtmlEncode(myVariable)
- Proposed As Answer by SDL TeamModerator Monday, July 16, 2012 10:39 PM
- Marked As Answer by SDL TeamModerator Tuesday, August 07, 2012 11:12 PM
