Filter user entered Html for possible Cross Site Scripting attacks

E

emer.kurbegovic

I need to build a filter that will filter user entered html and which
will allow only certain html tags through (i.e. <IMG>, <SCRIPT> and
<EMBED> would be allowed).

i was going to HtmlEncode the entire user html input and filter out
only what is "allowed".

i need the best way to filter for all possible known xss attacks. is
there anything like this out there already?

have already read couple of articles on preventing the cross site
scripting:
1.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000004.asp
2 .http://www.technicalinfo.net/papers/CSS.html

any help would be appreciated.

thanks
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Cross-site scripting (XSS) defense 3
Cross Site Scripting 2
Allow HTML input in form field WITH Cross-Site scripting security 0
Ruby, Web Apps and Cross Site Scripting 2
Restricting HTML tags entered in a JEditorPane 0
Cross-Site Scripting basic sample 0
So called cross-site (XSS) vulnerabilities: a new fraud or a stupidme? 1
Using ISAPI filter with .net for URL Rewriting 2

Members online

No members online now.
Total: 108 (members: 0, guests: 108)
Robots: 157

Forum statistics

Threads
474,262
Messages
2,571,058
Members
48,769
Latest member
Clifft

Latest Threads

Top