TechQA.

use of string in place of URL (in anti XSS)

1.1k views Asked by At

I need to find a way to implement encoding.

Since HTML Encoding is not working, hence I am using: 

using System.Web.Security.AntiXss;

and then:

AntiXssEncoder.UrlEncode(**Iam passing string here**)

This measure resolves my issue(Positive results in HP Fortify), however I am concerned since instead of URL I am using string. Would this result into any impediments?

c# .net visual-studio-2013 xss antixsslibrary
Original Q&A
1

There are 1 answers

0
Samer Khatib On 
using System.Web.Security.AntiXss;

and then:

string Comment= AntiXssEncoder.XmlAttributeEncode(passing string here);

or to accept HTML tags that put text in bold or italics; check content manually.

    public static bool DangerousContent (string text)
    {
        bool Status = false;
        if (
            text.Contains("<body>") ||
            text.Contains("<embed>") ||
            text.Contains("<frame>") ||
            text.Contains("<script>") ||
            text.Contains("<frameset>") ||
            text.Contains("<html>") ||
            text.Contains("<iframe>") ||
            text.Contains("<style>") ||
            text.Contains("<layer>") ||
            text.Contains("<link>") ||
            text.Contains("<ilayer>") ||
            text.Contains("<meta>") ||
            text.Contains("<meta>") ||
            text.Contains("<applet>")
           )//can add more
        {
            Status = true; 
        }
        return Status;
    }

Related Questions in C#

Related Questions in .NET

Related Questions in VISUAL-STUDIO-2013

Related Questions in XSS

Related Questions in ANTIXSSLIBRARY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions