N
Neil
Hi,
I have been investigating CSS vulnerabilites within my application and have
a question. If I added malicious script tags to the Url these are
automatically removed from all pages of my application and the user is
redirected to my custom error page. This is all taken care of by the .Net
Runtime and works as expected. However if after being redirected to the
custom error page I append script to the query string this is not removed and
I'm presented with the default page telling me to create a custom error page,
I guess you can't have a custom error page for a custom error page... My
question is should I be concerned about this? Should the script tags not be
removed?
Thanks
I have been investigating CSS vulnerabilites within my application and have
a question. If I added malicious script tags to the Url these are
automatically removed from all pages of my application and the user is
redirected to my custom error page. This is all taken care of by the .Net
Runtime and works as expected. However if after being redirected to the
custom error page I append script to the query string this is not removed and
I'm presented with the default page telling me to create a custom error page,
I guess you can't have a custom error page for a custom error page... My
question is should I be concerned about this? Should the script tags not be
removed?
Thanks