Reputation: 4053
Do I need to sanitize input from ASP.NET MembershipProvider controls?
I'm using various ASP.NET controls out of the box such as the CreateUserWizard control, Login control etc... For custom controls, I have sanitized my inputs by making sure they conform to expected values. However, is this required for the controls such as the CreateUserWizard control, or is that handled internally? Do I need to provide any extra server side validation to these controls and, if so, would it be best to do it in the "CreateUserWizardControl_CreatingUser" event? Thanks
Upvotes: 1
Views: 1258
Answers (2)
Reputation: 6005
If you have request validation enabled then form data with script tags will generate an error automatically.
Upvotes: 0
Reputation: 15253
If input is coming from any form, then treat it as suspect. I've included some links here that may help you:
http://www.codersbarn.com/post/2008/11/01/ASPNET-Data-Input-Validation.aspx
Upvotes: 1
Related Questions
- Is password input sanitization required?
- in asp.net, if i'm using the ValidatorControls, do I still need to use the anti xss library?
- Is Sanitizing user input necessary when Request Validation is already on guard
- Sanitize registration input?
- Input sanitization with MVC Razor - how to be safe?
- User input sanitisation in asp.net
- If I'm using ASP.net controls with requestvalidation, XSS should be prevented right?
- What to do for input sanitization?
- asp.net sanitizing user input
- What are basic ASP.NET form security practices?