Reputation: 4607
Does an ASP.NET application protect against cross-site scripting by default? I have read that the machine.config file has an attribute that is set to on by default and this protects against cross-site scripting? Is this true?
Upvotes: 0
Views: 492
Reputation: 3670
<system.web>
<pages buffer="true" validateRequest="true" />
</system.web>
you can use antxss library as addition
Upvotes: 1