A
Atlbike
I would like to know if anyone has ever heard of a security solution
for preventing cross-site scripting attacks in classic asp. ASP.NET
1.1 provided a built in validateRequest feature that throws a security
exception whenever there is a < and > character combination in the
request/forms collection. Does anyone know of a server solution that
you can install on IIS that will provide this same functionality? The
only solution I have come up with is to write a global include file
that handles searching the forms and querystring collection looking
for suspect characters. However, this would require updating many asp
files.
for preventing cross-site scripting attacks in classic asp. ASP.NET
1.1 provided a built in validateRequest feature that throws a security
exception whenever there is a < and > character combination in the
request/forms collection. Does anyone know of a server solution that
you can install on IIS that will provide this same functionality? The
only solution I have come up with is to write a global include file
that handles searching the forms and querystring collection looking
for suspect characters. However, this would require updating many asp
files.