Antixss decoding
-
26 Haziran 2012 Salı 12:42
Hi,
I have a asp.net 3.5 application with at textbox that i enter a value <fef>@t<es>f.com I am trying to test a cross-side scripting attack.
I hit submit and let the page post back. once the page has completed post back. I do a view source and see that the greater than(>) sign is decoded but the lessthan(<) isnt. Can anyone help me solve this issue. I have referenced antixss 4.2.1 and using the 3.5 framework version antixss dll. I know in 4.0 and i have tested that we have to add httpruntime keys for antixss and the issue is resolved. and it looks good. But again in 3.5 same issue. Is there something i am missing?? Thanks is advanced for any responses
Cheers
Tüm Yanıtlar
-
16 Temmuz 2012 Pazartesi 22:38Moderatör
In 3.5 you will need to call AntiXSS directly when setting properties on asp.net controls; for example
control.Text = Microsoft.Security.Application.AntiXss.HtmlEncode(myVariable)
- Yanıt Olarak Öneren SDL TeamModerator 16 Temmuz 2012 Pazartesi 22:39
- Yanıt Olarak İşaretleyen SDL TeamModerator 07 Ağustos 2012 Salı 23:12
