ASP.NET Cross-site scripting (XSS) prevention with rich-text editor data

  • Question

  • User69003606 posted

    I am using a rich-text editor on a site to create data that is stored in my database. This means that I have to store encoded HTML in the database rather than encode on output.

    PHP seems to have a number of tools that validate form-input HTML, and check if the entered data is vulnerable to a cross-scripting attack.

    Is there anything like this for ASP.NET?

     

    Cheers,

    Peter 

    Monday, March 3, 2008 7:37 PM

Answers

  • User-186742165 posted

    Hi

    All user input data is dangerous. Therefore, all the aspx pages will ValidateRequest by default. It prevents your site from ceasing to work because of exposure to one of the most common types of attack.

    There is also "Anti-Cross Site Scripting Library" which can be used to protect users from Cross-Site Scripting (XSS) attacks. Hope it helps

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, March 5, 2008 2:39 AM

All replies

  • User130468220 posted

    1. For Query String:

        Server.HtmlEncode((Request.QueryString["name"] ?? string.Empty).Trim())

    2. For Request:

        HttpUtility.HtmlEncode(TxtName.Text.Trim())

    3. Use every time on button click

        if(Page.IsPostBack)
        {
          // Your Code
        }

    4. Use Serverside Validation

    Sunday, December 14, 2008 8:33 PM
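
The points in the last reply (null-safe read, server-side validation, HTML encoding at output) combined into one routine, as an added example that is not part of the original thread. The `NameInput` class, its allow-list pattern and the sample inputs are assumptions made for illustration, and `WebUtility.HtmlEncode` stands in for `Server.HtmlEncode` so the code runs outside a page.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

public static class NameInput
{
    // Assumed policy for a plain-text "name" field:
    // letters, digits, space, dot, apostrophe, hyphen; 1 to 50 characters.
    private static readonly Regex Allowed =
        new Regex(@"^[\p{L}\p{N} .'\-]{1,50}$", RegexOptions.CultureInvariant);

    // Server-side validation. A missing query-string key arrives as null,
    // so coalesce before Trim() instead of letting it throw.
    public static bool TryValidate(string raw, out string clean)
    {
        clean = (raw ?? string.Empty).Trim();
        return Allowed.IsMatch(clean);
    }

    // Encode at the point the value is written into HTML, even after
    // validation: an allowed apostrophe still has to be encoded.
    public static string Render(string raw)
    {
        string clean;
        if (!TryValidate(raw, out clean))
            return "<p>Invalid name.</p>";
        return "<p>Hello, " + WebUtility.HtmlEncode(clean) + "</p>";
    }

    public static void Main()
    {
        // Constructed sample inputs: padded text, an apostrophe,
        // markup that must be rejected, and a missing (null) value.
        string[] samples = { "  Peter ", "O'Brien", "<script>alert(1)</script>", null };
        foreach (string s in samples)
            Console.WriteLine(Render(s));
    }
}
```

This pattern suits plain-text fields only; encoding rich-text editor output this way would display its markup as literal text.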