反 XSS 和经典 ASP [英] Anti XSS and Classic ASP
问题描述
我目前正在尝试保护我的经典 ASP 应用程序免受 XSS 攻击.我在网上遇到了 Microsoft 的 AntiXSS,我想知道这是否适用于经典应用程序?
I'm currently trying to secure my classic ASP application from XSS. I came across the AntiXSS from Microsoft on the net and I was wondering if this would work with a classic application?
如果没有,您有任何想法我可以如何对字符串进行消毒吗?
If not do you have any ideas how I could go about sanitizing the strings?
推荐答案
为了清理字符串,我将对所有输出进行 HTML 编码,这样您就不必再纠结于特殊字符或巨大的正则表达式了
To sanitize strings I would HTML encode all output, that way you don't have to dink around with special characters or huge regex expressions
Server.HTMLEncode(string)
防止跨站点脚本攻击的两个最重要的对策是:
The two most important countermeasures to prevent cross-site scripting attacks are to:
- 约束输入.
- 编码输出.
通过 如何:防止 ASP.NET 中的跨站点脚本(我知道我不是经典的 asp,但也有类似的原理)
via How To: Prevent Cross-Site Scripting in ASP.NET (i know i'ts not classic asp but there are similar principals)
这篇关于反 XSS 和经典 ASP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!