Last post May 25, 2017 08:12 AM by EvenMa
May 24, 2017 08:33 AM|sivapooja|LINK
Any latest way to prevent cross site scripting in asp.net website
.Net Framework version 4.0
May 24, 2017 08:59 AM|PatriceSc|LINK
Which "current" way are you using? Also this is web forms, MVC etc... ?
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet The basic idea is that this is not a single measure or even something you can even really reach. It's rather about closing more and more doors...
May 24, 2017 09:28 AM|sivapooja|LINK
May 25, 2017 08:12 AM|EvenMa|LINK
To prevent cross-site scripting ,you can change it like the following code:
Label1.Text = HttpUtility.HtmlEncode("<script>alert(1);</script>");
Suppose someone write the comment as "<script>alert(1);</script>",in web form ,you might display the comment use the following code:
Label1.Text = "<script>alert(1);</script>";
Then the page will be rendered on browser such like this:
The script in label1 will be executed by browser, so others could use this bug to execute dangerous scripts to attack your site.
About more details how to prevent cross-site scripting in web form, you could refer to the following link.
If you have any other questions, please feel free to contact me any time.