1

Excuse my limited knoweldge here.

In the past I have used Steve Sanderson's method to HTML encode by default at runtime: http://blog.stevensanderson.com/2007/12/19/aspnet-mvc-prevent-xss-with-automatic-html-encoding/

I have a need to alter img src and a href attributes before they are spat out in the user's browser. There is a solution using JavaScript but this is not ideal for several reasons. Intercepting the compiler is not an option because of unnecessarily using Response.Write for trivial HTML.

Is there something I can do with HTTP modules or the view engine?

Any thoughts?

UPDATE: I do not need to HTML encode the attributes but I do have a need to change them.

Cheers.

Improve this question

1 Answer 1

Reset to default
3

Use a response filter. Works with any ASP.NET project, including MVC. Should work even if you're using a different view engine, as it intercepts at a lower level.

Here's an actual example that strips whitespace:

https://web.archive.org/web/20211029043851/https://www.4guysfromrolla.com/articles/120308-1.aspx

I've used this before to rewrite links before sending to the client, but I can't find the code at the moment.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Better words for what I want to do - "rewrite links". Cheers!
A response filter was used to alter the markup before it was spat out. a HTTP module was used to kick off the response filter.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.