|
From: | Maciek Plewa |
Subject: | [Pnet-developers] Fwd: .NET custom Textbox control |
Date: | Sat, 17 Jul 2004 16:05:01 +0800 |
This is a forwarded message From: Arian J. Evans <address@hidden> To: <address@hidden> Date: Thursday, July 15, 2004, 12:41:50 PM Subject: .NET custom Textbox control ===8<==============Original message text=============== et al, For the .NET crowd, here's a nice little custom reusable Textbox control that will provide automatic HTML encoding to help mitigate the risk of XSS on user-supplied input fields: http://www.ddj.com/documents/s=9209/ddj20040709asp/ Obviously there are other, better ways to do this like strongly Typing your data and then calling the .NET regex validators to enforce type... But this is still a quick and easy way to get to get that LCD of webapp vulnerabilities: XSS on unsanitized user-supplied input fields. Cheers, Arian ===8<===========End of original message text=========== -- Best regards, Maciek mailto:address@hidden
--- Begin Message ---Subject: .NET custom Textbox control Date: Wed, 14 Jul 2004 23:41:50 -0500 et al, For the .NET crowd, here's a nice little custom reusable Textbox control that will provide automatic HTML encoding to help mitigate the risk of XSS on user-supplied input fields: http://www.ddj.com/documents/s=9209/ddj20040709asp/ Obviously there are other, better ways to do this like strongly Typing your data and then calling the .NET regex validators to enforce type... But this is still a quick and easy way to get to get that LCD of webapp vulnerabilities: XSS on unsanitized user-supplied input fields. Cheers, Arian
--- End Message ---
[Prev in Thread] | Current Thread | [Next in Thread] |