Explained – Cross-Site Scripting

Article
11/21/2007

ASP.NET 2.0 Security Videos

J.D. Meier, Keith Brown, Prashant Bansode
Microsoft Corporation

November 2007

This video module shows you how to protect from cross-site scripting issues.

Objectives

Recognize cross-site scripting vulnerabilities.
Encode untrusted output with HtmlEncode.
Validate input with a regular expression.
Use ASP.NET’s built-in cross-site scripting protection mechanism.

Video

The video is a small wmv file streaming / download:

Explained – Cross-Site Scripting (Length: 5:32 - Size: 4:34 MB)

Recommended Guidance

How To: Prevent Cross-Site Scripting in ASP.NET
How To: Use Regular Expressions to Constrain Input in ASP.NET
Design Guidelines for Secure Web Applications (See "Input Validation" section)
Architecture and Design Review for Security (See "Input Validation" section)
Security Guidelines: ASP.NET 2.0 (See "Input and Data Validation" section)