Click here to Skip to main content
15,921,212 members
Please Sign up or sign in to vote.
3.40/5 (2 votes)
Hello my first ever question on Web.
i have been searching for Cross site scripting and its techniques and how to fix these vulnerability.

My applicatoin is already handling and checking for any script in Form textboxes . only xss can hurt me through URL's paramater .

I check or apply encoding decoding on each page this will cost me a lot effort as there are hundered of pages .

i was thinking to check the URL for any spcial character on golobal.asax begin_request method and if there is any script or spcial character it will route to error page.

or i can implement this check on generic page clas that i have build for some reason i dont have that project only DLL is availble

so please sugest me any other way to address this issue.

soryy for my bad english and thanks in advance
Posted

Update .js file to latest version. It will solve your web vulnerablity issue.

Please refer this link :
http://www.acunetix.com/websitesecurity/cross-site-scripting/[^]
 
Share this answer
 
Comments
Bala Selvanayagam 2-Sep-13 6:16am    
5ed
mahboobs 5-Sep-13 1:30am    
Guys Thank you so much for reply so quick<pre lang="xml">.

My application handling XSS already through input checks - only URL are vulnerable .

if i make my own function to check each query string on each page either the parameter contain any dangerous script .is this technique is fine.
i want check for following special character
< > ; : ' " ( ) ^ /

Please suggest !
mahboobs 5-Sep-13 1:31am    
<script>alert(1)</script>
this kind of script handle by request validation but these are not
';alert(1);//
Refer to this link and find the answer i posted there.

need code about Sql injection and XSS vulnerability[^]

Regards..:)
 
Share this answer
 
Comments
mahboobs 5-Sep-13 1:30am    
Guys Thank you so much for reply so quick<pre lang="xml">.

My application handling XSS already through input checks - only URL are vulnerable .

if i make my own function to check each query string on each page either the parameter contain any dangerous script .is this technique is fine.
i want check for following special character
< > ; : ' " ( ) ^ /

Please suggest !

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900