全局跨站点脚本操作
[英]Cross site scripting manipulation globally
问题描述
In our application we have a class called GlobalPage.cs this page inherits from Page we have Page load overrides and other there. 
在我们的应用程序中,我们有一个名为GlobalPage.cs的类,此页面是从Page继承的,我们具有Page加载替代项,还有其他替代项。 It was called to our attention we need to add some security to our pages that contain textboxes (some are asp textboxes and others are html inputs). 引起我们注意的是,我们需要为包含文本框的页面添加一些安全性(有些是asp文本框,有些是html输入)。 What we want to do is to be able to check all those fields globally from one place and not do it individually on each page. 我们要做的是能够从一个地方全局检查所有这些字段,而不是在每个页面上单独进行检查。 How can we achieve thi, possibly using the GlobalPage.cs ? 我们如何使用GlobalPage.cs ?
I would appreciate any input or help on what can be done. 我将不胜感激,也可以提供任何帮助。
1 个解决方案
解决方案1
1 已采纳 2012-07-12 18:19:04
There is already some built in protection from malicious input. 已经有一些内置保护措施可以防止恶意输入。 Make sure you did not turn it off. 确保您没有关闭它。
<pages validateRequest="true"...>
Incoming values by themselves are not a problem for XSS. 对于XSS,单独输入值不是问题。 It is rendering of non-escaped values that causes problems. 它是导致问题的非转义值的呈现。 So while sanitizing input is somewhat useful there is no replacement for correct encoding of output. 因此,尽管清理输入有些有用,但是并不能代替输出的正确编码。
Consider reading existing information on XSS protection in ASP.Net like How To: Protect From Injection Attacks in ASP.NET (2.0, note that there are changes in 4.0 - ASP.NET Request Validation ). 考虑阅读有关ASP.Net中有关XSS保护的现有信息,如“ 如何:防止ASP.NET中的注入攻击 (2.0,请注意4.0中有更改-ASP.NET请求验证 )”。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.