I have some PageMethods (static methods in a page, marked with <WebMethod>) defined on some pages, and I call them through AJAX calls. For these calls, the data sent to the server apparently does not trigger the ASP.NET code that raises HttpRequestValidationException when the data is deemed possible XSS, so I want to replicate that check and run it in my page methods.
Does anyone know the details of that code, or where I can find it? I looked at the MS AntiXss library, but it only does encoding and does not really check the input, AFAIK.
Edit: Or point me in the direction of a library or code that does some similar checking.
By analyzing the stack trace when a System.Web.HttpRequestValidationException is raised, we can find out what code is throwing it.
System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (IdentifierTextBox="
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
Using Reflector, we find that ValidateString is calling RequestValidator.Current.IsValidRequestString, which in turn calls CrossSiteScriptingValidation.IsDangerousString:
internal static bool IsDangerousString(string s, out int matchIndex)
{
    matchIndex = 0;
    int startIndex = 0;
    while (true)
    {
        // Look for the next character that could start a dangerous sequence.
        int num2 = s.IndexOfAny(startingChars, startIndex);
        if (num2
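A stand-alone version of this check that can be called from a page method, as an added example that is not part of the original answer and is not the framework's own code. It assumes the .NET Framework 4 heuristic (`<` followed by a letter, `!`, `/` or `?`, or `&` followed by `#`), which should be confirmed against the framework version in use. The class name, the `Validate` helper and the sample strings are hypothetical.

```csharp
using System;
using System.Web; // HttpRequestValidationException; requires a System.Web reference

public static class PageMethodInputCheck
{
    // Assumption: as in the framework check, only '<' and '&' can start a match.
    private static readonly char[] StartingChars = { '<', '&' };

    private static bool IsAtoZ(char c)
    {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
    }

    public static bool IsDangerousString(string s, out int matchIndex)
    {
        matchIndex = 0;
        if (string.IsNullOrEmpty(s)) return false;
        int startIndex = 0;
        while (true)
        {
            int pos = s.IndexOfAny(StartingChars, startIndex);
            // No candidate left, or the candidate is the last character.
            if (pos < 0 || pos == s.Length - 1) return false;
            matchIndex = pos;
            char next = s[pos + 1];
            if (s[pos] == '<')
            {
                if (IsAtoZ(next) || next == '!' || next == '/' || next == '?') return true;
            }
            else if (next == '#') return true; // '&' followed by '#'
            startIndex = pos + 1;
        }
    }

    // Hypothetical helper: call first in a [WebMethod] for each string argument.
    public static void Validate(string value, string parameterName)
    {
        int index;
        if (IsDangerousString(value, out index))
            throw new HttpRequestValidationException(
                "A potentially dangerous value was detected in '" + parameterName + "' at index " + index + ".");
    }

    public static void Main()
    {
        // Constructed sample inputs.
        foreach (string s in new[] { "plain text", "a < b", "<b>bold", "AT&T", "x &#60; y" })
        { int i; Console.WriteLine("{0,-12} dangerous={1}", s, IsDangerousString(s, out i)); }
    }
}
```

Like the built-in check, this is a coarse input filter, so values written back into HTML still need output encoding, for example with the AntiXss library mentioned in the question.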