  • webmonger 130 posts 265 karma points
    Nov 18, 2009 @ 09:07
    webmonger
    0

    Cross Site Scripting (XSS) problems and solutions

    Hey

    I'm looking for some help with Anti XSS techniques. I'm working on a project that requires user input that will publish a node with the content as soon as it's posted to a form on the site.

    I've added the AntiXSS Library from http://antixss.codeplex.com but Umbraco works quite differently to the examples and I wonder if it's possible to do what I need it to do.

    Basically I encode the input using AntiXss.HtmlEncode() but as I understand it you also need to encode the output using AntiXss.HtmlEncode(). Now I know I could just scatter all my XSLT files with this using XSLT helpers but that's really messy and error prone. What I'm looking for is a way to parse all the select statements in my xslt files through the HtmlEncode so I don't have to do it every time in the xslt.

    TIA

    Jon

  • webmonger 130 posts 265 karma points
    Dec 05, 2009 @ 00:59
    webmonger
    0

    I have now after quite a bit of research found the solution I think will work better than AntiXSS.

    The reason I say better is because it will only allow safe html through rather than just encoding the input/output.

    The solution comes from OWASP and you can find more information at the OWASP AntiSamy page.

    You can test out their solution at http://www.antisamy.net and get the code from Google Code.

    Hope this helps others out.

    Jon
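
Added example, not part of the original posts and not AntiXSS or AntiSamy code: it contrasts the two approaches in this thread, encoding everything versus letting only allowlisted HTML through, using Python's standard library. The policy (tags, attributes, URL schemes), the function names and the sample input are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed for illustration: policy (tag -> allowed attributes) and sample input.
ALLOWED = {"p": set(), "b": set(), "i": set(), "a": {"href", "title"}}
DROP_WITH_CONTENT = {"script", "style"}  # removed together with their text
SAFE_SCHEMES = {"http", "https", "mailto"}
SAMPLE = ('<p>Hi <b onclick="x()">there</b><script>alert(1)</script> '
          '<a href="javascript:alert(1)">x</a> '
          '<a href="https://example.org/?a=1&amp;b=2">ok</a></p>')

def encode_only(text):
    """Output encoding: every tag, wanted or not, becomes inert text."""
    return html.escape(text, quote=True)

def safe_url(value):
    # Browsers ignore whitespace/control characters in a scheme; relative URLs are rejected here.
    compact = "".join(ch for ch in value if ord(ch) > 0x20)
    scheme, colon, _ = compact.partition(":")
    return bool(colon) and scheme.lower() in SAFE_SCHEMES

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED:
            kept = "".join(
                f' {name}="{html.escape(value, quote=True)}"'
                for name, value in attrs
                if value is not None and name in ALLOWED[tag]
                and (name != "href" or safe_url(value)))
            self.out.append(f"<{tag}{kept}>")
        # Any other tag is dropped; its text still reaches handle_data().
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data, quote=False))

def sanitize(fragment):
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```

The sanitizer rebuilds its output from parsed tokens and re-encodes every attribute value and text node, so nothing from the input is copied through verbatim; it does not balance unclosed tags.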
