Validating a valid URL

From: Dominick Baier (dotnet_at_leastprivilege.com)
Date: 10/01/04

• Next message: Dominick Baier: "Re: Folder access"
• Previous message: roland: "Using the Public Key embedded in the Assembly?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

To: microsoft.public.dotnet.security
Date: Fri, 01 Oct 2004 00:32:00 -0700

There's a function in the System.Web Namespace called HtmlEncode - this will convert a string to something that can be safely displayed in HTML pages - converting e.g. < to &lt;

 maybe you can make use of this in detecting bogus characters...

 

 ---
 Dominick Baier - DevelopMentor
 http://www.leastprivilege.com

   nntp://news.microsoft.com/microsoft.public.dotnet.security/>

 Is there a function that validates if a URL is valid or not? Basically I'm
 trying to filter out bogus input, and things like cross site scripting
 attacks.
 
 Example:
 <img src="javascript:alert(document.cookie)">
 
 Doing it by regex seems way too complicated and there could be holes in the
 logic if something is missed.
 
 
 
 [microsoft.public.dotnet.security]

---

• Next message: Dominick Baier: "Re: Folder access"
• Previous message: roland: "Using the Public Key embedded in the Assembly?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.security  > 2004-10