Extending / overriding existing ASP.NET controls

I have a project with a range of labels, text fields and other web controls. There are literally hundreds of them.

Now I want to override some properties in order to run content through the anti-XSS library. For example, when I set a label text property using data from a database, I want to automatically run a function to clear any potentially malicious code.

I also tried to override the text property using a class that implements IExtenderProvider, but I could not help it.

If I were building it from scratch, I would perhaps have created a new label class that inherits the system Label class. Due to the size of the project, I would prefer not to.

Any thoughts?

+4
2 answers

First, I want to point out that the right way to avoid XSS vulnerabilities is to correctly encode user input before embedding it in your page. For example, if you assign a text string to the Text property of a Label, you need to encode the value because the Text property is displayed verbatim as HTML:

label.Text = HttpUtility.HtmlEncode(user.Name)

(Note: by "plain text" I mean text where the characters are of type <and have no special meaning.)

-, , . ( - ). !

, , , . , . , <asp:Label> :

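Imports System.Web.UI
Imports System.Web.UI.WebControls            ' Label lives here
Imports System.Web.UI.WebControls.Adapters

Public Class LabelControlAdapter
    Inherits WebControlAdapter

    Protected Overrides Sub RenderContents(writer As HtmlTextWriter)
        ' Me.Control is typed as Control; cast explicitly so this compiles with Option Strict On
        Dim label As Label = DirectCast(Me.Control, Label)
        ' Placeholder transformation so the effect is visible in the rendered page
        label.Text = "***" & label.Text & "***"  ' TODO: Use your anti-XSS library
        MyBase.RenderContents(writer)
    End Sub
End Class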

LabelControlAdapter, Me.Control - .

.browser App_Browsers, , :

<browsers>
    <browser refID="Default">
        <controlAdapters>
            <adapter
                controlType="System.Web.UI.WebControls.Label"
                adapterType="TempVBWebApp.LabelControlAdapter, TempVBWebApp" />
        </controlAdapters>
    </browser>
</browsers>
+1
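
An added example, not part of the original answer: a variant of the adapter above that HTML-encodes the label's Text at render time instead of rewriting the property, so the stored value is never modified and is not encoded twice. The class name `EncodingLabelAdapter` and the `data-allow-html` opt-out attribute are hypothetical; it is registered through the same App_Browsers entry with `adapterType` pointing at this class.

```vbnet
Imports System
Imports System.Web
Imports System.Web.UI
Imports System.Web.UI.WebControls
Imports System.Web.UI.WebControls.Adapters

' Added example: the class name and the opt-out attribute are hypothetical.
Public Class EncodingLabelAdapter
    Inherits WebControlAdapter

    ' Hypothetical marker for the few labels whose Text is trusted, developer-written markup.
    Private Const AllowHtmlAttribute As String = "data-allow-html"

    Protected Overrides Sub RenderContents(writer As HtmlTextWriter)
        Dim label As Label = TryCast(Me.Control, Label)

        ' Not a Label, or a Label that renders child controls rather than Text:
        ' leave the default rendering alone.
        If label Is Nothing OrElse label.HasControls() Then
            MyBase.RenderContents(writer)
            Return
        End If

        Dim trusted As Boolean = String.Equals(
            label.Attributes(AllowHtmlAttribute), "true",
            StringComparison.OrdinalIgnoreCase)

        If trusted Then
            ' Explicit opt-out: render Text verbatim, as the stock Label does.
            MyBase.RenderContents(writer)
        Else
            ' Encode on output only; label.Text itself is left unchanged.
            ' The anti-XSS library's HTML encoder can be substituted here.
            writer.Write(HttpUtility.HtmlEncode(label.Text))
        End If
    End Sub
End Class
```

With this in place every label is encoded by default, so a label that legitimately carries markup in Text renders it as escaped text until it is given the opt-out attribute, and a value that was already encoded before assignment shows up double-encoded.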

, - , -xss.

VB.Net: http://msdn.microsoft.com/en-us/library/1h3wytf6.aspx

, :

Module Module1

    Sub Main()

    End Sub

    'Placeholder for antiXSS library functions 
    Public Function antiXSS(ByVal input As String) As String
        Return input
    End Function

    'Original control class 
    Public Class originalControlClass
        Private _name As String
        Public Property name As String
            Get
                Return _name

            End Get
            Set(value As String)
                _name = value
            End Set
        End Property
    End Class

    Public Class securedControlClass
        Inherits originalControlClass
        Public Shadows Property name As String
            Get
                'return value from base class
                Return MyBase.name
            End Get
            Set(value As String)
                'Run anti-XSS code and pass result to base class
                MyBase.name = antiXSS(value)
            End Set
        End Property
    End Class
End Module 

secureControlClass originalControlClass, name. , secureControlClass. * Name * originalControlClass.

, . (.. originalControlClass) (.. secureControlClass). , , , .

:

  • . , , XSS.
  • , , , , , :)
0

Source: https://habr.com/ru/post/1532316/