Matthew
Matthew

Reputation: 4607

Cross-site scripting and ASP.NET

Does an ASP.NET application protect against cross-site scripting by default? I have read that the machine.config file has an attribute that is set to on by default and this protects against cross-site scripting? Is this true?

Upvotes: 0

Views: 492

Answers (1)

qwr
qwr

Reputation: 3670

<system.web>
  <pages buffer="true" validateRequest="true" />
</system.web>

you can use antxss library as addition

Upvotes: 1

Related Questions