Last post Sep 04, 2009 11:01 AM by jsogolov
Sep 03, 2009 03:17 PM|jsogolov|LINK
1. Can someone explain how encoding helps with XSS? For example, I have a dropdown with 100 values and the user chooses number 50. So are all values encoded then? Can't the attacker do his own encoding and put it back into the dropdown? Please elaborate.
2. Can one use this library for a non-ASP.NET webform application? Can you use it for a custom MVC framework with custom views built on top of ASP.NET? Basically not using ASP.NET controls.
Sep 04, 2009 05:13 AM|qwe123kids|LINK
This is a very basic example:
If you Response.Write("<script> alert('MyInfo')</script>");
it will give an alert.
If you use HtmlEncode to
encode the line, then it will not execute as JavaScript.
You should sanitize the information properly.
Check the link for more info.
Sep 04, 2009 11:01 AM|jsogolov|LINK
I've seen these links before but thank you for responding. I'm still looking for an answer to my 2nd question but the 1st is still a bit fuzzy. So what gets encoded? Only the script tag? Seems like every site talks about the same example and none are real world.
Thank you in advance.
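
An added example, not part of any post in this thread, for the dropdown case in the first question: the server checks the posted value against the options it offered and HTML-encodes whatever it writes back into the page, so every markup character in a tampered value comes out as text, not just a script tag. It assumes a console program with .NET's built-in `System.Net.WebUtility.HtmlEncode` standing in for the library the thread refers to; `DropdownEchoDemo`, `IsOffered`, `Render` and the sample values are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net; // WebUtility.HtmlEncode (assumed stand-in for the thread's library)

static class DropdownEchoDemo
{
    // Constructed sample: the 100 option values the server rendered into the dropdown.
    static readonly HashSet<string> Offered = new HashSet<string>();

    static DropdownEchoDemo()
    {
        for (int i = 1; i <= 100; i++) Offered.Add(i.ToString());
    }

    // Input validation: a dropdown is only a hint to the browser, so the
    // posted value is checked against what the server actually offered.
    static bool IsOffered(string posted) => posted != null && Offered.Contains(posted);

    // Output encoding: applied to the value at the moment it is written into
    // HTML, whether or not it passed validation.
    static string Render(string posted)
    {
        string asText = WebUtility.HtmlEncode(posted ?? "");
        return IsOffered(posted)
            ? "<p>You chose option " + asText + "</p>"
            : "<p>Rejected value: " + asText + "</p>";
    }

    static void Main()
    {
        // Constructed sample POST values for the dropdown field.
        string[] posted =
        {
            "50",                                           // normal selection
            "<script> alert('MyInfo')</script>",            // the thread's example, sent in place of "50"
            "&lt;script&gt; alert('MyInfo')&lt;/script&gt;", // sender encoded it first
            "<b>50</b>"                                     // markup with no script tag
        };

        foreach (string value in posted)
            Console.WriteLine(Render(value));
    }
}
```

In the output, only `50` is accepted; the other three are rejected and appear with `<`, `>`, `&` and quotes turned into entities, and the value that arrived already encoded is encoded a second time, so the browser displays it as literal text.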