防XSS和传统ASP [英] Anti XSS and Classic ASP

问题描述

目前，林试图保护从我的XSS传统的ASP应用程序。我碰到的AntiXSS从MS在网络上，我想知道这是否会采用了经典的应用吗？

Im currently trying to secure my classic ASP application from XSS. I came across the AntiXSS from MS on the net and i was wondering if this would work with a classic application?

如果不是你有什么想法如何，我可以去sanatizing琴弦？

If not do you have any ideas how i could go about sanatizing the strings?

任何帮助都将是辉煌的。

Any help at all would be brilliant.

感谢

推荐答案

要清理字符串我就带HTML code所有输出，这样你就不必丁克周围的特殊字符或正则表达式的巨大前pressions

To sanitize strings I would HTML encode all output, that way you don't have to dink around with special characters or huge regex expressions

Server.HTMLEncode(string)

要prevent跨站点脚本攻击的两个最重要的对策是：

The two most important countermeasures to prevent cross-site scripting attacks are to:

• 输入约束


• 恩code输出。

如何在ASP.NET prevent跨站点脚本（我知道i'ts不是传统的ASP，但也有类似的校长）

via How To: Prevent Cross-Site Scripting in ASP.NET (i know i'ts not classic asp but there are similar principals)

这篇关于防XSS和传统ASP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！