Re: Datagrid security hole????

From: Aaron Margosis [MS] (aaronmaronline@microsoft.com)
Date: 07/07/02


From: "Aaron Margosis [MS]" <aaronmaronline@microsoft.com>
Date: Sun, 7 Jul 2002 01:16:20 -0400


All user input must always be filtered and validated before being used.
Never insert unknown and unfiltered data directly into web pages, SQL
queries, or other command strings.

-- Aaron

"Marco Paci" <mpaci@omniway.sm> wrote in message
news:OUdICAGJCHA.1772@tkmsftngp09...
> Hello all,
> I'm working on the development of an application used to collect
> requests for help from users of a service. Users insert a description of
> their problem in our database.
> To visualize the pending requests I wanna use a Datagrid. I noticed that if
> someone stores a javascript in the field for the description of the problem,
> when I visualize the Datagrid the javascript is executed.
> I wanna keep this kind of user interface without giving up the use of the
> datagrid to render the data. Can anyone suggest a solution?
> I hope this problem will be long discussed on this newsgroup because it
> seems to me the kind of behaviour that can too easily introduce threats in
> asp.net applications.
> Tia
> Marco Paci
>
>
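
Applied to the DataGrid case in the question, one way to follow the advice above is to HTML-encode the stored description as each row is bound, so markup in the field is displayed as text instead of being interpreted by the browser. This is an added example, not code from the thread; the page class name, the `RequestsGrid` id, the `Description` column and the sample rows are assumptions.

```csharp
// Added example (not from the original thread). Assumes the .aspx declares
// <asp:DataGrid id="RequestsGrid" runat="server" /> with auto-generated
// columns; "PendingRequests", "RequestsGrid" and "Description" are hypothetical.
using System;
using System.Data;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public class PendingRequests : Page
{
    protected DataGrid RequestsGrid;
    private const int DescriptionCell = 1;   // Id = 0, Description = 1

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        RequestsGrid.ItemDataBound += new DataGridItemEventHandler(EncodeDescription);
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack) return;
        // Constructed sample rows standing in for the help-request table.
        DataTable requests = new DataTable();
        requests.Columns.Add("Id", typeof(int));
        requests.Columns.Add("Description", typeof(string));
        requests.Rows.Add(new object[] { 1, "Printer is offline" });
        requests.Rows.Add(new object[] { 2, "<script>alert('stored')</script>" });
        requests.Rows.Add(new object[] { 3, "" });
        RequestsGrid.DataSource = requests;
        RequestsGrid.DataBind();
    }

    private void EncodeDescription(object sender, DataGridItemEventArgs e)
    {
        ListItemType kind = e.Item.ItemType;
        if (kind != ListItemType.Item && kind != ListItemType.AlternatingItem &&
            kind != ListItemType.SelectedItem) return;   // skip header, footer, edit row

        // Encode the raw stored value, not cell.Text: a bound column has already
        // replaced empty values with "&nbsp;", which would be double-encoded.
        string raw = Convert.ToString(((DataRowView)e.Item.DataItem)["Description"]);
        e.Item.Cells[DescriptionCell].Text =
            raw.Length == 0 ? "&nbsp;" : HttpUtility.HtmlEncode(raw);
    }
}
```

With this handler, row 2 is emitted as `&lt;script&gt;alert(&#39;stored&#39;)&lt;/script&gt;` and shows up in the grid as literal text.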


