Filter user entered Html for possible Cross Site Scripting attacks

Discussion in 'ASP .Net' started by emer.kurbegovic@gmail.com, Aug 14, 2006.

  1. Guest

    I need to build a filter that will filter user entered html and which
    will allow only certain html tags through (i.e. <IMG>, <SCRIPT> and
    <EMBED> would be allowed).

    i was going to HtmlEncode the entire user html input and filter out
    only what is "allowed".

    i need the best way to filter for all possible known xss attacks. is
    there anything like this out there already?

    have already read couple of articles on preventing the cross site
    scripting:
    1.
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000004.asp
    2 .http://www.technicalinfo.net/papers/CSS.html

    any help would be appreciated.

    thanks
    , Aug 14, 2006
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Scott M.

    Cross-Site Scripting...

    Scott M., Dec 22, 2003, in forum: ASP .Net
    Replies:
    7
    Views:
    3,366
    Steven Cheng[MSFT]
    Dec 24, 2003
  2. Earl Teigrob
    Replies:
    0
    Views:
    530
    Earl Teigrob
    Feb 18, 2004
  3. TN Bella
    Replies:
    1
    Views:
    1,465
    TN Bella
    Jul 1, 2004
  4. =?Utf-8?B?QnJhZCBRdWlubg==?=

    Cross site scripting

    =?Utf-8?B?QnJhZCBRdWlubg==?=, Apr 27, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    422
    Brock Allen
    Apr 28, 2005
  5. Replies:
    3
    Views:
    788
Loading...

Share This Page