Stripping all client-side script
From: Mike Torres (mit4@yahoo.com)
Date: 10/25/02
- Next message: Kyle J. Klimek: "Re: error!"
- Previous message: July: "write to event log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: mit4@yahoo.com (Mike Torres) Date: 25 Oct 2002 13:31:54 -0700
Hey folks -
I am looking for a class library (or some code) that can strip
client-side script from an HTML encoded string, and after hours of
searching the net, I haven't found anything.
I want to protect against scripting attacks by stripping all possible
script out of HTML input (using RichTextBox at www.richtextbox.com)
So, for example, it would need to strip:
<script *></script>
javascript:XXX
onLoad="" (really onXXX="")
and probably more (for example style="" for embedding behaviors, etc.)
Does anyone know where I can find such code? I am not a
Jscript/VBscript wiz, so I want to make sure I am covering all the
bases.
Thanks,
Mike
- Next message: Kyle J. Klimek: "Re: error!"
- Previous message: July: "write to event log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
