3

Please suggest me the best way to stop Cross-site scripting (XSS) through URL.

For Example see below URL and after affect of this attack.

https://example.com/questions/ask.aspx?hf=15315%27%3balert("XSS")%2f%2f150

and after this an alert has been occur on browser.

enter image description here

Improve this question

2 Answers 2

Reset to default
1

For ASP.NET, you could use the System.Web.Security.AntiXssEncoder to wrap the text in HtmlEncode. This should prevent malicious actors from saving scripts to your database that would execute in a browser.

entity.SomeValue = AntiXssEncoder.HtmlEncode(model.SomeValue);
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

For preventing XSS attack using URLs we can use AntiXssEncoder.UrlEncode(inputFromQueryString)
0

Validate the http input request parameter, before using it as parameter or rendering in a returned page. You may be able to whitelist values for your parameter as well.

https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

Improve this answer

2 Comments

I am new so can you please give me simple example about related question
Read through the owasp article. It has code samples and explanations

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.