Microsoft has announced the final 1.0 release of ASP.NET Ajax (a.k.a. Atlas).
ASP.NET AJAX Control Toolkit
In addition to the fully-supported ASP.NET AJAX 1.0 release, you can use the more than 30 free ASP.NET AJAX-enabled controls available within the ASP.NET AJAX Control Toolkit.
Wednesday, January 24, 2007
Thursday, January 11, 2007
HttpUtility.HtmlEncode and Server.HtmlEncode do not prevent Cross Site Scripting
Do not use HttpUtility.HtmlEncode or Server.HtmlEncode, because these functions only encode the <, >, " and & characters. This is not sufficient to protect against all possible attacks.
For instance, the following ASP.NET code would be vulnerable:
To be fully protected, use the HtmlEncode method of the Microsoft Anti-Cross Site Scripting Library.
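The gap between the two encoding approaches, shown as an added example that is not code from the original post or from Microsoft's libraries. `FourCharEncode` is a stand-in that encodes only the four characters named above, `AllowListEncode` is a simplified, hypothetical allow-list encoder, and the input string is constructed.

```csharp
using System;
using System.Text;

static class EncoderComparison
{
    // Stand-in (assumption): encodes only < > " &, the set the post names.
    // This is not the framework's HttpUtility.HtmlEncode.
    static string FourCharEncode(string s)
    {
        var sb = new StringBuilder();
        foreach (char c in s)
        {
            switch (c)
            {
                case '<': sb.Append("&lt;"); break;
                case '>': sb.Append("&gt;"); break;
                case '"': sb.Append("&quot;"); break;
                case '&': sb.Append("&amp;"); break;
                default: sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Simplified allow-list encoder (hypothetical helper): ASCII letters, digits,
    // space, comma, period, dash and underscore pass; everything else becomes &#N;.
    static string AllowListEncode(string s)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < s.Length; i++)
        {
            // Read a full code point so surrogate pairs become one reference.
            int cp = char.IsSurrogatePair(s, i) ? char.ConvertToUtf32(s, i++) : s[i];
            bool safe = cp < 128 &&
                (char.IsLetterOrDigit((char)cp) || " ,.-_".IndexOf((char)cp) >= 0);
            if (safe) sb.Append((char)cp);
            else sb.Append("&#").Append(cp).Append(';');
        }
        return sb.ToString();
    }

    static void Main()
    {
        // Constructed input for a single-quoted attribute value.
        string input = "x' data-injected='1";
        Console.WriteLine("<input value='" + FourCharEncode(input) + "'>");
        Console.WriteLine("<input value='" + AllowListEncode(input) + "'>");
    }
}
```

In the first output line the single quote passes through unchanged and ends the attribute value early; in the second it is written as `&#39;`, so the whole input stays inside the attribute.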
Tutorial that shows you how to use the Microsoft Anti-Cross Site Scripting Library:
http://msdn2.microsoft.com/en-us/library/aa973813.aspx
Forum:
http://forums.asp.net/1107/ShowForum.aspx
Labels: .NET, Application Security, Cross Site Scripting, XSS