Handle javascript injection in asp.net mvc

Question

Handle javascript injection in asp.net mvc

How can we handle javascript injection in asp.net mvc (c #) application?

I can use Html.Encode in my view. But the problem is that I have html to show on the page as a blog post.

Do I need to remove a script injected into input elements of an application? How can I do this in a common place?

+3

javascript asp.net-mvc javascript-injection

Prasad Feb 06 '10 at 5:52

source share

1 answer

Dan Herbert · Accepted Answer · 2010-02-06T06:10:09+0000

Best practice for this:

Save user input as it was entered into the system.
HTML encodes all user input when it is displayed on any page
" " "-" HTML, , .., .

HTML JavaScript .

, " ", , (PDF, , JavaScript, RSS ..), . . .

HTML Encoding System.Web.HttpUtility.HtmlEncode(...).

2 3, Microsoft AntiXSS. , HttpUtility , . , , GetSafeHtmlFragment(...), JavaScript . JavaScript, . , GetSafeHtmlFragment not GetSafeHtml, HTML-.

: AntiXss ( 2012 ), , , . , , . Microsoft .

Handle javascript injection in asp.net mvc

More articles: