Last post Jan 19, 2013 12:44 PM by ramramesh
Jan 19, 2013 10:00 AM|Praneet Rane|LINK
In addition to HTML encoding, I want to apply validation to prevent XSS attacks. The user should not be able to enter </ etc.
Jan 19, 2013 12:33 PM|Rion Williams|LINK
HTML Encoding is an excellent way to start protecting your site, as it will encode a majority of HTML and scripting-related input. You may also want to take a look at implementing ValidateRequest within your pages to warn if dangerous content could be passed through.
If you want to look into further measures to protect your site, check out Microsoft's Anti-Cross Site Scripting page.
What You Can Do About It
In addition to performing HTML Encoding, you should be encoding based on the type of content that you may be receiving, such as encoding possible scripts according to their type.
Microsoft has an Anti-XSS library for .NET that you may want to consider using in your project to handle some of these operations:
Microsoft Anti-Cross Site Scripting Library
For Additional Information About XSS
The page details several other types of protection that you can implement on your site to help secure your site against XSS attacks. A few other resources you should consider if you want to know more about protecting your site can be found below:
Will HTML Encoding Prevent XSS Attacks
The XSS Filter Evasion Cheat Sheet from OWASP
XSS Prevention Cheat Sheet from OWASP
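
An added example, not part of the original thread, showing the two measures discussed above together: allow-list validation on input and encoding chosen by output context. The display-name rule and the class name are hypothetical; the encoders are the standard `System.Web.HttpUtility` methods and `Uri.EscapeDataString`, not the Anti-XSS library mentioned in the answer.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web; // HttpUtility; requires a reference to System.Web

public static class XssDefenseDemo
{
    // Hypothetical rule for a display-name field:
    // letters, digits, space and . _ ' - only, 1 to 50 characters.
    private static readonly Regex DisplayName =
        new Regex(@"\A[\p{L}\p{Nd} ._'\-]{1,50}\z", RegexOptions.CultureInvariant);

    // Allow-list validation: accept only known-good input instead of
    // trying to block sequences such as "</".
    public static bool IsValidDisplayName(string input)
    {
        return input != null && DisplayName.IsMatch(input);
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string untrusted = "Bob</title><script>alert(1)</script>";
        string ordinary = "Anne O'Neil";

        Console.WriteLine("valid: " + IsValidDisplayName(untrusted));
        Console.WriteLine("valid: " + IsValidDisplayName(ordinary));

        // Validation rules can be too loose or bypassed elsewhere, so the value
        // is still encoded at output, using the encoder for where it lands.

        // 1. HTML element body
        Console.WriteLine("<p>" + HttpUtility.HtmlEncode(untrusted) + "</p>");

        // 2. HTML attribute value (the attribute must be quoted)
        Console.WriteLine("<input value=\""
            + HttpUtility.HtmlAttributeEncode(untrusted) + "\" />");

        // 3. JavaScript string literal; 'true' adds the surrounding quotes
        Console.WriteLine("<script>var name = "
            + HttpUtility.JavaScriptStringEncode(untrusted, true) + ";</script>");

        // 4. URL query-string component
        Console.WriteLine("<a href=\"/search?q="
            + Uri.EscapeDataString(untrusted) + "\">search</a>");
    }
}
```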
Jan 19, 2013 12:36 PM|geniusvishal|LINK
Refer to this article:
Jan 19, 2013 12:44 PM|ramramesh|LINK