Explained – Cross-Site Scripting

ASP.NET 2.0 Security Videos

J.D. Meier, Keith Brown, Prashant Bansode
Microsoft Corporation

November 2007

This video module shows you how to protect from cross-site scripting issues.

Objectives

• Recognize cross-site scripting vulnerabilities.
• Encode untrusted output with HtmlEncode.
• Validate input with a regular expression.
• Use ASP.NET’s built-in cross-site scripting protection mechanism.

Video

The video is a small wmv file streaming / download:

• Explained – Cross-Site Scripting (Length: 5:32 - Size: 4:34 MB)

Recommended Guidance

• How To: Prevent Cross-Site Scripting in ASP.NET
• How To: Use Regular Expressions to Constrain Input in ASP.NET
• Design Guidelines for Secure Web Applications (See "Input Validation" section)
• Architecture and Design Review for Security (See "Input Validation" section)
• Security Guidelines: ASP.NET 2.0 (See "Input and Data Validation" section)