Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
.gif)
J.D. Meier, Keith Brown, Prashant Bansode
Microsoft Corporation
November 2007
This video module shows you how to protect from cross-site scripting issues.
- Recognize cross-site scripting vulnerabilities.
- Encode untrusted output with HtmlEncode.
- Validate input with a regular expression.
- Use ASP.NET’s built-in cross-site scripting protection mechanism.
The video is a small wmv file streaming / download:
- Explained – Cross-Site Scripting (Length: 5:32 - Size: 4:34 MB)
- How To: Prevent Cross-Site Scripting in ASP.NET
- How To: Use Regular Expressions to Constrain Input in ASP.NET
- Design Guidelines for Secure Web Applications (See "Input Validation" section)
- Architecture and Design Review for Security (See "Input Validation" section)
- Security Guidelines: ASP.NET 2.0 (See "Input and Data Validation" section)