Burhan Khan
Reputation: 33
How to prevent our URL from Cross-site scripting (XSS)?
Please suggest me the best way to stop Cross-site scripting (XSS) through URL.
For Example see below URL and after affect of this attack.
https://example.com/questions/ask.aspx?hf=15315%27%3balert("XSS")%2f%2f150
and after this an alert has been occur on browser.
Upvotes: 3
Views: 6404
Answers (2)
William
Reputation: 591
For ASP.NET, you could use the System.Web.Security.AntiXssEncoder to wrap the text in HtmlEncode. This should prevent malicious actors from saving scripts to your database that would execute in a browser.
entity.SomeValue = AntiXssEncoder.HtmlEncode(model.SomeValue);
Upvotes: 1
Jerome Anthony
Reputation: 8041
Validate the http input request parameter, before using it as parameter or rendering in a returned page. You may be able to whitelist values for your parameter as well.
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
Upvotes: 0
Related Questions
- Cross Site Scripting (XSS) Prevention on C#
- Preventing XSS (Cross-site Scripting)
- How to prevent cross-site scripting using javascript
- How to prevent XSS in Asp.NET
- How to solve Reflected Cross-Site Scripting (XSS) Vulnerabilities in HTML/aspx site
- XSS protection with URL encode
- Secure URL/application
- Protecting my self from cross-site scripting
- How to avoid Cross site scripting in ASP.NET
- Prevent Javascript in URL attacks (asp.net)