Reputation: 13612
Javascript injection Prevention: where do I start?
I'm working on a new web site (ASP.NET, Web Forms, C#) and need to include protection against Javascript injection attacks. Does anyone have any good links for how to implement a site secure against these types of attacks?
Thanks
Upvotes: 1
Views: 2135
Answers (2)
Reputation: 35580
Cross-site scripting (XSS) is the name of the vulnerability you are concerned about. Read up on it at OWASP and consult their XSS Prevention Cheat Sheet
While you are there, have a browse through their Top Ten most common web application vulnerabilities and consider other attacks/weaknesses you need to protect yourself from.
Upvotes: 0
Reputation:
You need to deploy proper input valdiation on anything you read in from your clients.
OWASP has a great summary of this here:
https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet
Basically, you're going to want to build up a whitelist (normally some regexs for everything that users should be able to sent/submit to your application) and then only accept the whitelist. A good practice is to do this, but throw a blacklist in front of the whitelist Basically, look for known-bad things like Javascript script tags, and reject them (this is the blacklist part). Then pass what got though there to make sure content that you should be seeing and can safely handle and only allow it though if it is.
Upvotes: 2
Related Questions
- Javascript injection attack prevention for textboxes
- How to prevent script injection attacks
- Preventing JavaScript Injections
- Preventing Javascript and XSS attacks
- Server Side JavaScript Code Injection Attack
- How to prevent JavaScript Injection Attacks
- Securing against JS injection with ASP.NET MVC
- handle javascript injection in asp.net mvc
- Questions about Javascript injection
- External JavaScript Injection