Antixss decoding
-
Tuesday, June 26, 2012 12:42 PM
Hi,
I have an ASP.NET 3.5 application with a textbox in which I enter the value <fef>@t<es>f.com. I am trying to test a cross-site scripting attack.
I hit submit and let the page post back. Once the page has completed the postback, I do a view source and see that the greater-than (>) sign is decoded but the less-than (<) isn't. Can anyone help me solve this issue? I have referenced AntiXSS 4.2.1 and am using the 3.5 framework version of the AntiXSS DLL. I know that in 4.0, and I have tested this, we have to add httpRuntime keys for AntiXSS and the issue is resolved, and it looks good. But again, in 3.5 I get the same issue. Is there something I am missing? Thanks in advance for any responses.
Cheers
All replies
-
Monday, July 16, 2012 10:38 PM Moderator
In 3.5 you will need to call AntiXSS directly when setting properties on ASP.NET controls; for example:
control.Text = Microsoft.Security.Application.AntiXss.HtmlEncode(myVariable)
- Proposed as answer by SDL TeamModerator Monday, July 16, 2012 10:39 PM
- Marked as answer by SDL TeamModerator Tuesday, August 7, 2012 11:12 PM
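The following is an added example, not part of the original thread and not code from the AntiXSS project. It expands the one-line answer above into a code-behind base class for ASP.NET 3.5 in which the same posted value is encoded separately for each output context. The page name, class name, control IDs and `results.aspx` are hypothetical, and the project is assumed to reference the AntiXSS library.

```csharp
// Added example: code-behind base class for a hypothetical Search.aspx
// (<%@ Page Inherits="SearchBase" %>) in an ASP.NET 3.5 Web Forms site.
// Assumed markup: <asp:TextBox ID="EmailBox" />, <asp:Label ID="Echo" />,
// <asp:Literal ID="Link" /> and a button wired to Submit_Click.
using System;
using System.Web.UI;
using System.Web.UI.WebControls;
using Microsoft.Security.Application;

public class SearchBase : Page
{
    // Bound by ASP.NET to the controls with matching IDs in the markup.
    protected TextBox EmailBox;
    protected Label Echo;
    protected Literal Link;

    protected void Submit_Click(object sender, EventArgs e)
    {
        // Untrusted input, for example the test value from the question.
        string raw = EmailBox.Text;

        // HTML element content: Label.Text is written into the page as-is,
        // so the value is encoded before it is assigned.
        Echo.Text = AntiXss.HtmlEncode(raw);

        // Hand-built markup in a Literal: one value, three contexts,
        // three different encoders.
        string href = "results.aspx?email=" + AntiXss.UrlEncode(raw);
        Link.Text =
            "<a href=\"" + AntiXss.HtmlAttributeEncode(href) + "\"" +
            " title=\"" + AntiXss.HtmlAttributeEncode(raw) + "\">" +
            AntiXss.HtmlEncode(raw) +
            "</a>";
    }
}
```

Encoding happens at the point of output rather than when the value is read, so the raw string stays available for validation or storage and each sink gets the encoder that matches where the value lands.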

