防XSS和传统ASP [英] Anti XSS and Classic ASP
问题描述
目前,林试图保护从我的XSS传统的ASP应用程序。我碰到的AntiXSS从MS在网络上,我想知道这是否会采用了经典的应用吗?
Im currently trying to secure my classic ASP application from XSS. I came across the AntiXSS from MS on the net and i was wondering if this would work with a classic application?
如果不是你有什么想法如何,我可以去sanatizing琴弦?
If not do you have any ideas how i could go about sanatizing the strings?
任何帮助都将是辉煌的。
Any help at all would be brilliant.
感谢
推荐答案
要清理字符串我就带HTML code所有输出,这样你就不必丁克周围的特殊字符或正则表达式的巨大前pressions
To sanitize strings I would HTML encode all output, that way you don't have to dink around with special characters or huge regex expressions
Server.HTMLEncode(string)
要prevent跨站点脚本攻击的两个最重要的对策是:
The two most important countermeasures to prevent cross-site scripting attacks are to:
- 输入约束
- 恩code输出。
如何在ASP.NET prevent跨站点脚本(我知道i'ts不是传统的ASP,但也有类似的校长)
via How To: Prevent Cross-Site Scripting in ASP.NET (i know i'ts not classic asp but there are similar principals)
这篇关于防XSS和传统ASP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!