Allow HTML input in form field WITH Cross-Site scripting security

Discussion in 'ASP .Net' started by Earl Teigrob, Feb 18, 2004.

  1. Earl Teigrob

    Earl Teigrob Guest

    I want to allow users to input html (via a rich text box) or directly, into
    a form field, save it in a data store and then output that html to the
    browser, but not allow cross-site scripting.

    What is the minimum that I need to filter to prevent cross-site scripting?
    Can it check for any occurance of the "<script" tag and alter it so that no
    usable javascript can be inserting with the HTML?

    Thanks

    Earl
     
    Earl Teigrob, Feb 18, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Scott M.

    Cross-Site Scripting...

    Scott M., Dec 22, 2003, in forum: ASP .Net
    Replies:
    7
    Views:
    3,394
    Steven Cheng[MSFT]
    Dec 24, 2003
  2. =?Utf-8?B?QnJhZCBRdWlubg==?=

    Cross site scripting

    =?Utf-8?B?QnJhZCBRdWlubg==?=, Apr 27, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    436
    Brock Allen
    Apr 28, 2005
  3. Replies:
    3
    Views:
    808
  4. Replies:
    0
    Views:
    369
  5. jamesd
    Replies:
    1
    Views:
    118
    -Lost
    Jun 20, 2007
Loading...

Share This Page