如何通过ASP.Net中的代理工具中的拦截器阻止跨站点脚本(XSS) [英] How can I block Cross-site Scripting (XSS) through interceptor in proxy tool in ASP.Net
问题描述
我的页面上有文本框的名字和姓氏。
当我测试页面并用Doe%uff1cscript%uff1ealert%uff0812345%uff09%uff1c / script%uff1使用时更新姓氏像BURP套件这样的代理工具中的拦截器将姓氏存储为< script> alert(12345)< / script>在数据库中。
我曾尝试使用Microsoft Antixss Library,但这不起作用。下面是我使用的代码:
Dim Lname As String = Microsoft.Security.Application.Encoder.HtmlEncode(txtLName.Text)
有没有人有一个建议,我怎么能阻止这个?
I have page that with textbox's for first and last name.
When i test the page and update the last name with Doe%uff1cscript%uff1ealert%uff0812345%uff09%uff1c/script%uff1 using interceptor in proxy tool like BURP suite the last name gets stored as <script>alert(12345)</script> in the database.
I have tried to use Microsoft Antixss Library but that did not work. Below is the code I used:
Dim Lname As String = Microsoft.Security.Application.Encoder.HtmlEncode(txtLName.Text)
Does anyone have a suggestions one how I can prevent this?
推荐答案
请看我对这个问题的评论,我看到一些含糊不清的地方。本文可以为您提供一些想法: https://www.cs.ucsb.edu/~ chris / research / doc / sess09_swap.pdf [ ^ ]。
-SA
Please see my comment to the question, where I see some ambiguity. This article can give you some ideas: https://www.cs.ucsb.edu/~chris/research/doc/sess09_swap.pdf[^].
—SA
这篇关于如何通过ASP.Net中的代理工具中的拦截器阻止跨站点脚本(XSS)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!