Encode in Generalised way

Jan 6, 2010 at 6:11 AM

Hi,

In my project we have more than 300 pages in total. I want to encode all the URLs, Request.QueryString values and Request.RawUrl values, and I also want to encode all the input controls like textboxes, hidden controls, dropdown lists, etc.

What would be a better approach to doing this task, instead of doing it in all the pages, without affecting the performance of the application?

I am using .NET 2.0.

Can anybody please advise me?

Thanks in advance.

-Krishna Kumar.A


Coordinator
Jan 6, 2010 at 5:13 PM

Hi Krishna,

You can use SRE for encoding controls; SRE provides a customizable way of encoding controls before the page gets rendered. With regard to the Request object, you would have to encode the values manually using the Anti-XSS Library, based on the required context. More information can be found at http://msdn.microsoft.com/en-us/library/aa973813.aspx.

Thanks

Anil Revuru (INFORMATION SECURITY TOOLS)
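
The "encode based on the required context" advice for Request values, as an added example that is not part of the original posts or of the Anti-XSS project's own samples. The page class `Search`, its controls and the `q` parameter are hypothetical; the `AntiXss` methods are the library's static encoders, and the code is written for C# 2.0.

```csharp
// Added example: hypothetical code-behind for a page named Search.aspx.
using System;
using System.Web.UI;
using System.Web.UI.WebControls;
using Microsoft.Security.Application;   // Anti-XSS Library (AntiXssLibrary.dll)

public class Search : Page
{
    // Hypothetical controls, assumed to be declared in the .aspx markup.
    protected Literal Heading;
    protected Literal RequestedUrl;
    protected Literal SearchBoxMarkup;
    protected HyperLink NextPage;
    protected Literal InlineScript;

    protected void Page_Load(object sender, EventArgs e)
    {
        // Untrusted input: the same value needs a different encoder
        // depending on where in the response it ends up.
        string term = Request.QueryString["q"] ?? String.Empty;

        // 1. HTML element content.
        Heading.Text = "Results for " + AntiXss.HtmlEncode(term);

        // 2. Request.RawUrl echoed back as visible text is also element content.
        RequestedUrl.Text = AntiXss.HtmlEncode(Request.RawUrl);

        // 3. HTML attribute value (hand-built markup placed in a Literal).
        SearchBoxMarkup.Text = "<input type=\"text\" name=\"q\" value=\""
            + AntiXss.HtmlAttributeEncode(term) + "\" />";

        // 4. Query-string value inside a URL: encode only the value,
        //    not the whole URL.
        NextPage.NavigateUrl = "Search.aspx?page=2&q=" + AntiXss.UrlEncode(term);

        // 5. JavaScript string literal. JavaScriptEncode returns the value
        //    already wrapped in quotes, so none are added here.
        InlineScript.Text = "<script type=\"text/javascript\">var term = "
            + AntiXss.JavaScriptEncode(term) + ";</script>";
    }
}
```

Using the wrong encoder for a context (for example `HtmlEncode` inside a script block) leaves the value exploitable, which is why the Request values cannot all be encoded once in a single generic step.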
