Cross-site scripting testing?
From: Stephen C. Teller (stephenct@hushmail.com)
Date: 12/26/02
From: stephenct@hushmail.com (Stephen C. Teller) Date: 25 Dec 2002 16:54:11 -0800

I was reading an article on sanitizing user input on forms and decided
to do an audit of my application over the holiday. I found a variety
of problems, which I repaired. It appears as though none of these
problems were ever taken advantage of, thank goodness.

What I thought would be interesting to this group is that one place
where I found a potential "cross site scripting" bug was some code I
had copied from the IBuySpy portal sample program. I had copied the
"good reads" control to add a music review section to my site. In the
title input parser, I added a Server.HtmlEncode call that wasn't there
in the original code from IBuySpy while doing my audit.

I do not know how to check to see if this is truly a problem; I am a
beginner with this security stuff. Can someone who knows better tell
me how to test this?
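
An added example, not part of the original post and not IBuySpy code: a small C# check that feeds harmless probe titles through an unencoded and an HTML-encoded render path and reports whether the submitted text can still introduce markup of its own. The names `RenderRaw`, `RenderEncoded` and `IsInert`, the `<span>` wrapper and the probe strings are assumptions made for illustration; `System.Net.WebUtility.HtmlEncode` stands in for the `Server.HtmlEncode` call mentioned in the post.

```csharp
using System;
using System.Net;

// Added illustration: RenderRaw/RenderEncoded are hypothetical stand-ins for the
// control's title output, not the IBuySpy source.
static class TitleEncodingCheck
{
    // Constructed, harmless probe titles: plain text, markup, and quote characters.
    static readonly string[] Probes =
    {
        "Plain title",
        "<b>bold?</b>",
        "Tom & Jerry \"live\"",
        "Rock 'n' Roll",
    };

    const string Open = "<span class='title'>";
    const string Close = "</span>";

    // "Before": the title is written into the page exactly as submitted.
    static string RenderRaw(string title) => Open + title + Close;

    // "After": the title is HTML-encoded on output.
    static string RenderEncoded(string title) => Open + WebUtility.HtmlEncode(title) + Close;

    // True when the submitted text cannot introduce markup of its own:
    // with the fixed wrapper stripped, no raw <, >, " or ' may remain.
    static bool IsInert(string html)
    {
        string inner = html.Substring(Open.Length, html.Length - Open.Length - Close.Length);
        return inner.IndexOfAny(new[] { '<', '>', '"', '\'' }) < 0;
    }

    static int Main()
    {
        int failures = 0;
        foreach (string probe in Probes)
        {
            bool rawInert = IsInert(RenderRaw(probe));
            bool encodedInert = IsInert(RenderEncoded(probe));
            Console.WriteLine($"{probe,-24} raw inert: {rawInert,-5} encoded inert: {encodedInert}");
            if (!encodedInert) failures++;
        }
        return failures; // non-zero exit code: an encoded path still leaked markup
    }
}
```

The same idea applies to the live page: submit a title such as `<b>bold?</b>` and view the page source; if the field is encoded, the source shows `&lt;b&gt;` and the browser displays the tags as text instead of rendering bold.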