I maintain an asp.net 4.0 application, not MVC, based on some close source and I must implement some anti-xss in query parameters it uses. I can't access all the code and altering all the components is out of question. I can't upgrade the .net version, also. Does it make sense to try to rewrite the path to encode/escape the query strings in order to encode the query strings, to avoid some xss injection using them? Could it be done as the browsers do? Could it be done to encode when needed only, avoiding an infinite loop?
How to implement browser url and query string escaping on server side?
194 views Asked by mike At
0
There are 0 answers
Related Questions in URL-REWRITING
- IIS Rewrite Module exclude bots but allow GoogleBot
- Redirect to another site but show the original URL in browser
- Change page title in confluence without changing URL
- Problem in hosting React App with react-router-dom on IIS Server
- htaccess rewrite rule - if the parameter value has forward slashes
- Sharepoint document library URL Rewrite
- IIS 10 canonical domain name rewrite rule fails when non-canonical name is not in the site bindings
- IIS URL Rewrite 2 different URLs in one Rule using Conditions, is it possible?
- Azure web App is ignoring web.config URL rewrite
- Wordpress Rewrite Rule to Pass Custom Query Var to Homepage
- Only allow one URL to access a website. Block all ofters in .htaccess
- Using URL Rewrite to redirect a link
- .htaccess Removing the folder name in URL
- URL rewriting using .htaccess on static url
- Content change via URL parameter
Related Questions in REQUEST.QUERYSTRING
- Why doesn't [FromQuery] work when unit testing a Razor page?
- Request.QueryString with AJAX request
- request.query does not print the query in Fastify (querystring)
- Multiple values of a querystring parameter that contain commas C#
- Laravel - use Request in a function that call another function
- how to decode string on php. iconv decode is not work
- Web scraping dynamic website with scrapy and query string parameters
- Why does IIS care if "convert" is misspelled in a query string?
- htaccess send 404 if query string contains keyword
- How to prevent unwanted request in node js express?
- C# REST API query parser
- Remove querystring value inside repeater
- Unable to retrieve query string parameter value by using Laravel 5.6
- How can I shorten the query string?
- How to implement browser url and query string escaping on server side?
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)