Help with validateRequest (XSS)

Discussion in 'ASP .Net' started by cummings695, Dec 14, 2006.

  1. cummings695

    cummings695 Guest

    I have the validateRequest set to true in the web config. I have
    written my own iHTTPHandler class and configured the web.config to use
    it for all requests to app.aspx. when I try to navigate to that page
    with a parameter of xss=<xssmc> the request is processed wothout an
    issue. If I try the same parameter on a page that is not handled by my
    class, an exception is thrown saying that there is a potentialy harmful
    request. I have found that if I call to the request objects
    ValidateInput method in my handler, I will get the same exception when
    I access the request parameters. Am I correct in thinking the default
    aspx handler call this method also. I have searched using reflector but
    I cannot find a call to the ValidateInput method anywhere in the
    System.Web assembly...

    TIA..
     
    cummings695, Dec 14, 2006
    #1
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Aaron

    asp.net XSS protection

    Aaron, Apr 19, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    1,699
    Brock Allen
    Apr 19, 2005
  2. Replies:
    3
    Views:
    883
    Lee Harr
    Jun 16, 2006
  3. ABCL

    How XSS works in Frame?

    ABCL, Feb 6, 2007, in forum: ASP .Net
    Replies:
    2
    Views:
    517
  4. Replies:
    0
    Views:
    348
  5. Replies:
    0
    Views:
    1,170
  6. coder316

    simple xss question

    coder316, Feb 16, 2010, in forum: ASP .Net
    Replies:
    4
    Views:
    432
    Alexey Smirnov
    Feb 16, 2010
  7. clintonG

    RegEx for XSS (Cross-Site Scripting)?

    clintonG, Sep 8, 2004, in forum: ASP .Net Security
    Replies:
    1
    Views:
    609
    clintonG
    Sep 10, 2004
  8. Robert Slaney

    XSS - Session hijacking

    Robert Slaney, Feb 5, 2009, in forum: ASP .Net Security
    Replies:
    2
    Views:
    1,195
    Steven Cheng
    Feb 5, 2009
Loading...