Comments on: ASP.NET MVC: Preventing XSS attacks

By: Sda

Sda — Fri, 21 Oct 2011 01:45:00 +0000

document.cookies = null

By: HTML encoding/escaping with StringTemplate and Spring MVC at Mark Needham

HTML encoding/escaping with StringTemplate and Spring MVC at Mark Needham — Sat, 09 Apr 2011 10:56:41 +0000

[...] wrote a blog post a couple of years ago describing how to do this in ASP.NET MVC and the general idea is that we need to have a custom renderer which HTML encodes any strings that [...]

By: ASP.NET MVC: Pre-compiling views when using SafeEncodingCSharpCodeProvider at Mark Needham

Tue, 24 Mar 2009 12:59:40 +0000

[...] I previously mentioned we’re using Steve Sanderson’s SafeEncodingHelper to protect our website from cross scripting [...]

By: C#: Extensions methods != Open classes at Mark Needham

C#: Extensions methods != Open classes at Mark Needham — Wed, 18 Feb 2009 20:23:00 +0000

[...] In this case it would have been nice to be able to open up the HtmlHelper class and change these methods. Unfortunately since they were defined as extension methods, extending HtmlHelper didn’t give access to them so we ended up coming up with a solution which feels a bit too hacky for my liking. [...]

By: ASP.NET MVC Archived Blog Posts, Page 1

ASP.NET MVC Archived Blog Posts, Page 1 — Mon, 16 Feb 2009 05:41:23 +0000

[...] to VoteASP.NET MVC: Preventing XSS attacks at Mark Needham (2/12/2009)Thursday, February 12, 2009 from Mark NeedhamXSS(Cross site scripting) attacks on websites seem to [...]

By: Mark Needham: Encoding user entered data | Enterprise Java

Mark Needham: Encoding user entered data | Enterprise Java — Sun, 15 Feb 2009 22:34:38 +0000

[...] previously wrote about protecting websites from cross site scripting in the ASP.NET MVC framework by encoding user input when we are going to display it in the [...]

By: Mark Needham: Encoding user entered data | Enterprise Java

Mark Needham: Encoding user entered data | Enterprise Java — Sun, 15 Feb 2009 22:34:38 +0000

[...] previously wrote about protecting websites from cross site scripting in the ASP.NET MVC framework by encoding user input when we are going to display it in the [...]

By: Encoding user entered data at Mark Needham

Encoding user entered data at Mark Needham — Sat, 14 Feb 2009 15:49:48 +0000

[...] previously wrote about protecting websites from cross site scripting in the ASP.NET MVC framework by encoding user input when we are going to display it in the [...]

By: Angus McDonald

Angus McDonald — Fri, 13 Feb 2009 09:20:38 +0000

Mark,

I keep wondering if there is some way to use the new XElement object from System.XML.Linq (currently only in VB.NET) to give us helpers that create strongly typed XHTML.

We are doing something at the moment with our CMS templates in ASP.NET webforms that will use this approach, I’m pretty sure we could come up with something for ASP.NET MVC too – but that still leaves the problem of how to reference them. My gut feel is the HtmlHelper methods will end up being left behind as ASP.NET MVC matures anyway …

Angus/Falkayn

By: Dew Drop - February 12, 2009 | Alvin Ashcraft's Morning Dew

Dew Drop - February 12, 2009 | Alvin Ashcraft's Morning Dew — Thu, 12 Feb 2009 14:43:21 +0000

[...] ASP.NET MVC: Preventing XSS Attacks (Mark Needham) [...]