Click here to Skip to main content
15,936,903 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hi Team,
working on to fix the issue of Cross Side Scripting in asp.net with c# application.
and team is trying to inject the CSS as %uff1cscript%uff1ealert%uff08123456%uff09%uff1c/script%uff1e. but I am facing issue to encode the text to html format but its not updating.

What I have tried:

tried using antixss library to encode buts not working using burp tool
Posted
Updated 6-Nov-19 22:53pm

1 solution

Maybe this helps: https://medium.com/@bluedesk09/5-tips-for-preventing-cross-site-scripting-xss-vulnerabilities-in-asp-net-web-applications-5589d0ec69b6[^]
Quote:
before inserting untrusted data into HTML attributes, the method AntiXSS.HtmlAttributeEncode should be used
 
Share this answer
 
Comments
srinihan 7-Nov-19 6:39am    
Hi RickZeeland

Thanks for the response but I am working on the server side code and would like to encode the input %uff1cscript%uff1ealert%uff08123456%uff09%uff1c/script%uff1e before saving the data
Richard Deeming 8-Nov-19 14:28pm    
That's not a good idea. The required encoding will vary depending on where the data is being displayed - HTML content, and HTML attribute, a JavaScript string, etc.

You should store the data as entered, and encode when you display it using the correct encoding for output context.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900