In ASP.NET, how do I prevent HTML injection:

http://example.com?id=asd"%20href="http://google.com"><>

Chrome disallows it, but Firefox allows that script to run. Is there any way to prevent HTML injection?

Thanks.

1 Answer

There is a Microsoft Tutorial about it: https://msdn.microsoft.com/en-us/library/ff647397.aspx

and this one is about SQL Injection: https://msdn.microsoft.com/en-us/library/ff648339.aspx

^^ still from the ms tuts...

4 Comments

I saw that link. But there is no reference for HTML injection.
Isn't there a way to solve it by using web.config? E.g.: validateRequest="true"
I'm not 100% sure, but I think I have never seen an automatic option for it... I think it's only possible to do it with your own implementation... you could use a filter: learn.microsoft.com/en-us/aspnet/core/mvc/controllers/filters , that way you would only have to implement it once.
Thanks, I implemented that code in my global.asax file; if any query string has an invalid HTML parameter, then I will redirect it to 404.aspx.
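
An added example, not code from the question, the answer or the linked Microsoft tutorials: it takes the query string from the question and shows the value written into markup with and without context-appropriate encoding. The `<a id="...">` template, the class name and the method names are hypothetical, and the assumption is that the page echoes `id` into an attribute value, which is what the `" href="` shape of the input suggests.

```csharp
using System;
using System.Web; // HttpUtility: System.Web.dll on .NET Framework, System.Web.HttpUtility on .NET Core/5+

static class AttributeEncodingDemo
{
    // Deliberately unsafe: the raw value is concatenated into the attribute,
    // so a double quote in it ends the attribute and starts new markup.
    public static string RenderUnsafe(string id)
    {
        return "<a id=\"" + id + "\">item</a>";
    }

    // Encoded for an attribute-value context: the double quote is emitted as
    // an entity, so the whole value stays inside id="...".
    public static string RenderAttribute(string id)
    {
        return "<a id=\"" + HttpUtility.HtmlAttributeEncode(id) + "\">item</a>";
    }

    // Encoded for element content, for pages that print the value as text.
    public static string RenderText(string id)
    {
        return "<span>" + HttpUtility.HtmlEncode(id) + "</span>";
    }

    static void Main()
    {
        // Constructed input: the query string shown in the question.
        string query = "id=asd\"%20href=\"http://google.com\"><>";

        // ParseQueryString URL-decodes the value, as Request.QueryString would.
        string id = HttpUtility.ParseQueryString(query)["id"];

        Console.WriteLine("decoded id : " + id);
        Console.WriteLine("unsafe     : " + RenderUnsafe(id));
        Console.WriteLine("attribute  : " + RenderAttribute(id));
        Console.WriteLine("text       : " + RenderText(id));
    }
}
```

Encoding at the point of output covers every source of the value, whereas a query-string check in global.asax only covers requests whose parameters match the patterns it looks for.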
