Cross site scripting vulnerability handling techniques

Question

3.40/5 (2 votes)

See more:

Hello my first ever question on Web.
i have been searching for Cross site scripting and its techniques and how to fix these vulnerability.

My applicatoin is already handling and checking for any script in Form textboxes . only xss can hurt me through URL's paramater .

I check or apply encoding decoding on each page this will cost me a lot effort as there are hundered of pages .

i was thinking to check the URL for any spcial character on golobal.asax begin_request method and if there is any script or spcial character it will route to error page.

or i can implement this check on generic page clas that i have build for some reason i dont have that project only DLL is availble

so please sugest me any other way to address this issue.

soryy for my bad english and thanks in advance

Posted 1-Sep-13 23:35pm

mahboobs

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

**NAGARAJ N MACHAKNUR** · Answer 1 · 2013-09-02T00:12:00

Solution 1

Update .js file to latest version. It will solve your web vulnerablity issue.

Please refer this link :
http://www.acunetix.com/websitesecurity/cross-site-scripting/[^]

Posted 2-Sep-13 0:12am

NAGARAJ N MACHAKNUR

Comments

Bala Selvanayagam 2-Sep-13 6:16am

5ed

mahboobs 5-Sep-13 1:30am

Guys Thank you so much for reply so quick<pre lang="xml">.

My application handling XSS already through input checks - only URL are vulnerable .

if i make my own function to check each query string on each page either the parameter contain any dangerous script .is this technique is fine.
i want check for following special character
< > ; : ' " ( ) ^ /

Please suggest !

mahboobs 5-Sep-13 1:31am

Thanks7872 · Answer 2 · 2013-09-02T00:30:00

Solution 2

Refer to this link and find the answer i posted there.

need code about Sql injection and XSS vulnerability[^]

Regards..:)

Posted 2-Sep-13 0:30am

Thanks7872

Comments

mahboobs 5-Sep-13 1:30am

Guys Thank you so much for reply so quick<pre lang="xml">.

My application handling XSS already through input checks - only URL are vulnerable .

if i make my own function to check each query string on each page either the parameter contain any dangerous script .is this technique is fine.
i want check for following special character
< > ; : ' " ( ) ^ /

Please suggest !