反 XSS 和经典 ASP [英] Anti XSS and Classic ASP

问题描述

我目前正在尝试保护我的经典 ASP 应用程序免受 XSS 攻击.我在网上遇到了 Microsoft 的 AntiXSS，我想知道这是否适用于经典应用程序?

I'm currently trying to secure my classic ASP application from XSS. I came across the AntiXSS from Microsoft on the net and I was wondering if this would work with a classic application?

如果没有，您有任何想法我可以如何对字符串进行消毒吗?

If not do you have any ideas how I could go about sanitizing the strings?

推荐答案

为了清理字符串，我将对所有输出进行 HTML 编码，这样您就不必再纠结于特殊字符或巨大的正则表达式了

To sanitize strings I would HTML encode all output, that way you don't have to dink around with special characters or huge regex expressions

Server.HTMLEncode(string) 

防止跨站点脚本攻击的两个最重要的对策是:

The two most important countermeasures to prevent cross-site scripting attacks are to:

• 约束输入.
• 编码输出.

通过 如何:防止 ASP.NET 中的跨站点脚本(我知道我不是经典的 asp，但也有类似的原理)

via How To: Prevent Cross-Site Scripting in ASP.NET (i know i'ts not classic asp but there are similar principals)

这篇关于反 XSS 和经典 ASP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！