How do you avoid XSS vulnerabilities in ASP.Net (MVC)?
I recently noticed that I had a big hole in my application because I had done something like:
I just ran across a question with an answer suggesting the AntiXss library to avoid cross site scripting. It sounded interesting; reading the MSDN blog, it appears to just provide an HtmlEncode() method. But I already use HttpUtility.HtmlEncode().
I have a website that allows users to enter HTML through a TinyMCE rich editor control. Its purpose is to allow users to format text using HTML.
When you can simply encode the data using HttpUtility.HtmlEncode, why should we use AntiXss.HtmlEncode?
Is there a utility/function in C# to sanitize the source code of TinyMCE rich text? I would like to remove dangerous tags but whitelist safe HTML tags.
Inspired by this CodingHorror article, “Protecting Your Cookies: HttpOnly”
I’ve tried looking at the Microsoft site and Googling this but nobody seems to have an answer aside from the < and the >. There’s more to it than that though. I’ve noticed that the HTML entity starter of &# is invalid. Is there anything else? Does anyone have a complete list?
In asp.net is the PagesSection.ValidateRequest method enough to prevent all XSS attacks or is there something more that needs to be done?
I have an editor that lets users add HTML that is stored in the database and rendered on a web page. Since this is untrusted input, I plan to use Microsoft.Security.Application.AntiXss.GetSafeHtmlFragment to sanitize the HTML.