How to prevent cross site scripting in query string?

Question

User1224379429 posted

Hi

I am passing language chosen by user as query string ?Lang=En. How to prevent cross site scripting in query string?

Thanks

Answer 1

User-1509636757 posted

From your question; I understood you want to secure QueryString that you passed in URL. If this is correct, then you may search for how you can encrypt and decrypt QueryString in ASP.NET. Then are many ways to do it. I suggest you refer on how you can use HttpModule for query string encryption

Here are more alternatives:

1. Asp.Net Encrypt and Decrypt QueryString Parameter Values
2. c# - Encrypt Query String including keys - Stack Overflow
3. Encrypt and Decrypt QueryString Parameter Values in ASP.Net using C# and VB.Net

Answer 2

User-707554951 posted

Hi Aristocrat Khan

The two most important countermeasures to prevent cross-site scripting attacks are to:

1.Constrain input.

2.Encode output.

For your case, it is need for you to encode URL parameters

For more information, please refer to the following links:

https://msdn.microsoft.com/en-us/library/ff649310.aspx

https://www.codeproject.com/Articles/573458/An-Absolute-Beginners-Tutorial-on-Cross-Site-Scrip

https://www.codeproject.com/Articles/617043/Hack-Proof-Your-ASP-NET-Application-From-Cross-Sit

http://www.c-sharpcorner.com/article/cross-site-scripting-xss-attack-and-its-prevention-mechanism/

Best Regards

Cathy