Filter user entered Html for possible Cross Site Scripting attacks

Discussion in 'ASP .Net' started by emer.kurbegovic@gmail.com, Aug 14, 2006.

  1. Guest

    I need to build a filter that will filter user entered html and which
    will allow only certain html tags through (i.e. <IMG>, <SCRIPT> and
    <EMBED> would be allowed).

    i was going to HtmlEncode the entire user html input and filter out
    only what is "allowed".

    i need the best way to filter for all possible known xss attacks. is
    there anything like this out there already?

    have already read couple of articles on preventing the cross site
    scripting:
    1.
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000004.asp
    2 .http://www.technicalinfo.net/papers/CSS.html

    any help would be appreciated.

    thanks
     
    , Aug 14, 2006
    #1
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Scott M.

    Cross-Site Scripting...

    Scott M., Dec 22, 2003, in forum: ASP .Net
    Replies:
    7
    Views:
    3,686
    Steven Cheng[MSFT]
    Dec 24, 2003
  2. Earl Teigrob
    Replies:
    0
    Views:
    686
    Earl Teigrob
    Feb 18, 2004
  3. TN Bella
    Replies:
    1
    Views:
    1,738
    TN Bella
    Jul 1, 2004
  4. =?Utf-8?B?QnJhZCBRdWlubg==?=

    Cross site scripting

    =?Utf-8?B?QnJhZCBRdWlubg==?=, Apr 27, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    543
    Brock Allen
    Apr 28, 2005
  5. Replies:
    3
    Views:
    972
  6. Qaurk Noble

    Preventing Cross Site Scripting

    Qaurk Noble, Dec 11, 2003, in forum: Java
    Replies:
    0
    Views:
    479
    Qaurk Noble
    Dec 11, 2003
  7. Replies:
    3
    Views:
    888
    Lee Harr
    Jun 16, 2006
  8. vineetbatta

    Cross-Site Scripting & sqlDataReader

    vineetbatta, May 11, 2004, in forum: ASP .Net Security
    Replies:
    4
    Views:
    276
    avnrao
    May 11, 2004
Loading...