General Question

archaeopteryx's avatar

What is the best way to fix an XSS problem in a website?

Asked by archaeopteryx (1004points) November 15th, 2009

There’s this website for my friend that suffers a serious XSS (Cross-Site Scripting) vulnerability. What is the best way to deal with it?

Observing members: 0 Composing members: 0

4 Answers

phoenyx's avatar

Generally speaking, you scrub all input from users and escape it everywhere it might be displayed. Without more details I can’t give a more detailed answer.

phoenyx (7419points)“Great Answer” (1points) Flag as…
archaeopteryx's avatar

Well, the site is built with ASP.Net (which I hate to the core).
I’m really not sure about the technical details, though.
All I know is that it’s vulnerable to XSS, because I detected that by myself (ya know, like throwing a simple HTML line to a search bar and seeing if it gets rendered).

archaeopteryx (1004points)“Great Answer” (0points) Flag as…
Vincentt's avatar

I believe the adagium to keep in mind was “filter input, escape output”. Googling that should turn up some useful results.

Vincentt (8094points)“Great Answer” (0points) Flag as…
Response moderated (Spam)

Answer this question

Login

or

Join

to answer.

This question is in the General Section. Responses must be helpful and on-topic.

Your answer will be saved while you login or join.

Have a question? Ask Fluther!

What do you know more about?
or
Knowledge Networking @ Fluther