What is the best way to fix an XSS problem in a website?
There’s this website for my friend that suffers from a serious XSS (Cross-Site Scripting) vulnerability. What is the best way to deal with it?
Answers
Generally speaking, you scrub all input from users and escape it everywhere it might be displayed. Without more details I can’t give a more detailed answer.
Well, the site is built with ASP.NET (which I hate to the core).
I’m really not sure about the technical details, though.
All I know is that it’s vulnerable to XSS, because I detected that by myself (ya know, like throwing a simple HTML line to a search bar and seeing if it gets rendered).
I believe the adage to keep in mind was “filter input, escape output”. Googling that should turn up some useful results.
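The following is an added example, not part of the thread or the site's code: a C# sketch of "filter input, escape output" for a search box that echoes the query back, as described above. The class and method names, the 100-character limit and the `/search?q=` URL are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Net;

static class SearchPage
{
    // "Filter input": drop control characters and reject over-long queries.
    // This narrows what the application accepts; it is not what stops XSS.
    public static string FilterQuery(string raw)
    {
        if (raw == null) return "";
        string cleaned = new string(raw.Where(c => !char.IsControl(c)).ToArray()).Trim();
        return cleaned.Length > 100 ? "" : cleaned; // assumed limit
    }

    // Vulnerable: the search term is concatenated into markup as-is,
    // so any HTML in it is rendered by the browser.
    public static string RenderUnsafe(string q)
    {
        return "<p>Results for " + q + "</p>";
    }

    // "Escape output": encode for each context the value lands in.
    public static string RenderSafe(string q)
    {
        string html = WebUtility.HtmlEncode(q); // element body and quoted attribute
        string url = WebUtility.UrlEncode(q);   // query-string value
        return "<p>Results for " + html + "</p>\n"
             + "<input name=\"q\" value=\"" + html + "\">\n"
             + "<a href=\"/search?q=" + url + "&amp;page=2\">Next</a>";
    }
}

static class Program
{
    static void Main()
    {
        // Constructed input: a harmless "simple HTML line" like the one used to spot the bug.
        string q = SearchPage.FilterQuery("<b>hi</b> \"x\" & y");
        Console.WriteLine(SearchPage.RenderUnsafe(q)); // <b> reaches the page as markup
        Console.WriteLine(SearchPage.RenderSafe(q));   // shown as literal text
    }
}
```

In Razor views `@q` is HTML-encoded by default, and in Web Forms `<%: q %>` encodes while `<%= q %>` does not, so the usual fix is to find the places where raw output is written and switch them to the encoding form.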