E
emer.kurbegovic
I need to build a filter that will filter user entered html and which
will allow only certain html tags through (i.e. <IMG>, <SCRIPT> and
<EMBED> would be allowed).
i was going to HtmlEncode the entire user html input and filter out
only what is "allowed".
i need the best way to filter for all possible known xss attacks. is
there anything like this out there already?
have already read couple of articles on preventing the cross site
scripting:
1.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000004.asp
2 .http://www.technicalinfo.net/papers/CSS.html
any help would be appreciated.
thanks
will allow only certain html tags through (i.e. <IMG>, <SCRIPT> and
<EMBED> would be allowed).
i was going to HtmlEncode the entire user html input and filter out
only what is "allowed".
i need the best way to filter for all possible known xss attacks. is
there anything like this out there already?
have already read couple of articles on preventing the cross site
scripting:
1.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000004.asp
2 .http://www.technicalinfo.net/papers/CSS.html
any help would be appreciated.
thanks