Hi Team,
I am working on fixing a Cross Site Scripting issue in an ASP.NET application with C#.
The team is trying to inject the CSS as %uff1cscript%uff1ealert%uff08123456%uff09%uff1c/script%uff1e, but I am facing an issue encoding the text to HTML format; it's not updating.

What I have tried:

Tried using the AntiXSS library to encode, but it's not working using the Burp tool.
Updated 6-Nov-19 23:53pm

1 solution


Solution 1

Maybe this helps: https://medium.com/@bluedesk09/5-tips-for-preventing-cross-site-scripting-xss-vulnerabilities-in-asp-net-web-applications-5589d0ec69b6
Quote:
before inserting untrusted data into HTML attributes, the method AntiXSS.HtmlAttributeEncode should be used
   
Comments
srinihan 7-Nov-19 6:39am
   
Hi RickZeeland

Thanks for the response but I am working on the server side code and would like to encode the input %uff1cscript%uff1ealert%uff08123456%uff09%uff1c/script%uff1e before saving the data
Richard Deeming 8-Nov-19 14:28pm
   
That's not a good idea. The required encoding will vary depending on where the data is being displayed - HTML content, an HTML attribute, a JavaScript string, etc.

You should store the data as entered, and encode when you display it using the correct encoding for the output context.
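
The advice in the last comment (store as entered, encode per output context), shown as an added C# example that is not code from the thread. It uses `System.Web.HttpUtility`; the class and method names are made up for illustration, and it assumes some later layer folds full-width characters to ASCII, modelled here with NFKC normalization.

```csharp
using System;
using System.Text;
using System.Web; // HttpUtility

static class OutputEncodingDemo
{
    // Constructed sample: the test string from the question, as sent on the wire.
    const string Wire = "%uff1cscript%uff1ealert%uff08123456%uff09%uff1c/script%uff1e";

    // Assumption: a later layer folds full-width forms to ASCII; NFKC models that here.
    static string Fold(string s) => s.Normalize(NormalizationForm.FormKC);

    // One encoder per output context, applied at render time.
    static string ForHtmlContent(string s) => HttpUtility.HtmlEncode(s);
    static string ForHtmlAttribute(string s) => HttpUtility.HtmlAttributeEncode(s);
    static string ForJsString(string s) => HttpUtility.JavaScriptStringEncode(s, true);

    static void Main()
    {
        Console.OutputEncoding = Encoding.UTF8;

        // Store the value as entered: decode the transport encoding, nothing else.
        string stored = HttpUtility.UrlDecode(Wire);

        // Encoding before saving: U+FF1C and U+FF1E are not HTML metacharacters,
        // so HttpUtility.HtmlEncode leaves the value as it was.
        string encodedAtSave = ForHtmlContent(stored);
        Console.WriteLine("changed by HtmlEncode at save: " + (encodedAtSave != stored));

        // If the saved value is folded afterwards, the early encoding protects nothing.
        Console.WriteLine("encode, then fold: " + Fold(encodedAtSave));

        // Encoding as the last step before output covers whatever happened in between.
        string beforeRender = Fold(stored);
        Console.WriteLine("HTML content   : " + ForHtmlContent(beforeRender));
        Console.WriteLine("HTML attribute : " + ForHtmlAttribute(beforeRender));
        Console.WriteLine("JS string      : " + ForJsString(beforeRender));
    }
}
```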
