Help with validateRequest (XSS)

Discussion in 'ASP .Net' started by cummings695, Dec 14, 2006.

  1. cummings695

    cummings695 Guest

    I have the validateRequest set to true in the web config. I have
    written my own iHTTPHandler class and configured the web.config to use
    it for all requests to app.aspx. when I try to navigate to that page
    with a parameter of xss=<xssmc> the request is processed wothout an
    issue. If I try the same parameter on a page that is not handled by my
    class, an exception is thrown saying that there is a potentialy harmful
    request. I have found that if I call to the request objects
    ValidateInput method in my handler, I will get the same exception when
    I access the request parameters. Am I correct in thinking the default
    aspx handler call this method also. I have searched using reflector but
    I cannot find a call to the ValidateInput method anywhere in the
    System.Web assembly...

    TIA..
    cummings695, Dec 14, 2006
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Aaron

    asp.net XSS protection

    Aaron, Apr 19, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    1,540
    Brock Allen
    Apr 19, 2005
  2. Replies:
    3
    Views:
    776
    Lee Harr
    Jun 16, 2006
  3. ABCL

    How XSS works in Frame?

    ABCL, Feb 6, 2007, in forum: ASP .Net
    Replies:
    2
    Views:
    392
  4. Replies:
    0
    Views:
    262
  5. Replies:
    0
    Views:
    1,045
Loading...

Share This Page