General Question

archaeopteryx's avatar

What is the best way to fix an XSS problem in a website?

Asked by archaeopteryx (1004 points) November 15th, 2009
4 responses
There’s this website for my friend that suffers a serious XSS (Cross-Site Scripting) vulnerability. What is the best way to deal with it?

Answers

phoenyx's avatar

Generally speaking, you scrub all input from users and escape it everywhere it might be displayed. Without more details I can’t give a more detailed answer.

archaeopteryx's avatar

Well, the site is built with ASP.Net (which I hate to the core).
I’m really not sure about the technical details, though.
All I know is that it’s vulnerable to XSS, because I detected that by myself (ya know, like throwing a simple HTML line to a search bar and seeing if it gets rendered).

Vincentt's avatar

I believe the adage to keep in mind was “filter input, escape output”. Googling that should turn up some useful results.

Response moderated (Spam)
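
The "filter input, escape output" advice from the answers above, applied to a search term that is echoed back into a page. This is an added example, not code from any poster or from the site in question; it assumes C# because the site is described as ASP.Net, and `SearchPage` and its method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Net;

// Added illustration; SearchPage and its method names are hypothetical.
static class SearchPage
{
    // "Filter input": decide what a search term may be before using it.
    // Returns null when the term is rejected.
    public static string FilterTerm(string raw)
    {
        if (raw == null) return null;
        string term = raw.Trim();
        if (term.Length == 0 || term.Length > 100) return null; // assumed length limit
        if (term.Any(char.IsControl)) return null;              // no control characters
        return term;
    }

    // Vulnerable form: the term is concatenated into markup unchanged,
    // so any HTML it contains is rendered by the browser.
    public static string RenderUnsafe(string term) =>
        "<p>Results for " + term + "</p>";

    // "Escape output": encode separately for each context the value lands in.
    public static string RenderSafe(string term)
    {
        string html = WebUtility.HtmlEncode(term); // element body and quoted attribute value
        string url = Uri.EscapeDataString(term);   // query-string component
        return "<p>Results for " + html + "</p>\n"
             + "<input name=\"q\" value=\"" + html + "\">\n"
             + "<a href=\"/search?q=" + url + "&amp;page=2\">Next</a>";
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample input: harmless markup, like the test described in the question.
        string raw = "<b>bold</b> \"quoted\" & more";
        string term = SearchPage.FilterTerm(raw);
        if (term == null) { Console.WriteLine("rejected"); return; }

        Console.WriteLine(SearchPage.RenderUnsafe(term)); // markup passes through as markup
        Console.WriteLine(SearchPage.RenderSafe(term));   // markup arrives as inert text
    }
}
```

The filter step alone does not stop the markup here, since the sample term passes it; the encoding at output time is what keeps the value from being interpreted as HTML.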
