How to protect my website from HTML Injection

Posted by Nabanita under ASP.NET on 8/24/2010 | Points: 10 | Views : 2146 | Status : [Member] | Replies : 1
Hi every body, I am developing an web site in asp.net 2.0 . I want to make my site not vulnerable to any html injection attack.
Please tell what are all the possible steps to do it?




Responses

Posted by: SheoNarayan on: 8/24/2010 [Administrator] HonoraryPlatinum | Points: 25

Up
0
Down
HTML injection is a type of injection where user see the altered web server response.

In order to avoid the HTML injection, you can use Server.HtmlEncode method before showing any message to the user.

Read this, it may help http://www.cgisecurity.com/xss-faq.html You can watch this video http://www.youtube.com/watch?v=8VGP29DMPGU that may help you understand how it is done.

Thanks

Regards,
Sheo Narayan
http://www.dotnetfunda.com

Nabanita, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response