XSS: Server.HTMLEncode: is it poor validation?


GaN

Dec 15, 2013, 5:44:42 AM
to null-...@googlegroups.com
HP Fortify reported Server.HtmlEncode as poor validation and a MEDIUM issue. Can anyone tell me what the remediation for this is?

vijay patil

Dec 15, 2013, 9:12:57 AM
to null-...@googlegroups.com

Hey, use the Encoder.HtmlEncode() method from the Microsoft AntiXSS library 4.2. The Server.HtmlEncode() method uses blacklisting and the Encoder.HtmlEncode() method uses whitelisting.


GaN

Dec 16, 2013, 1:58:52 PM
to null-...@googlegroups.com
Hi, if the output context is in a script rather than the HTML page, is Encoder.HtmlEncode then again vulnerable to XSS?

vijay patil

Dec 17, 2013, 12:20:51 AM
to null-...@googlegroups.com

Hi, can you give an example or a piece of code so that the question will be more clear?

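An added illustration of the script-context question raised in this thread (not code from any poster): a C# console program that places the same value into a `<script>` string literal and an `onclick` attribute, first with HTML encoding only and then with the encoder that matches the context. It uses `System.Web.HttpUtility`, which `Server.HtmlEncode` calls internally; with AntiXSS 4.2 the counterparts are `Encoder.HtmlEncode` and `Encoder.JavaScriptEncode`. The `greet` function, the `name` variable and the sample value are constructed for the example.

```csharp
using System;
using System.Web; // HttpUtility: the encoder that Server.HtmlEncode calls internally

static class ContextEncodingDemo
{
    // HTML-encoded value inside a JavaScript string literal in a <script> block.
    // The browser does not decode entities there, and HTML encoding leaves
    // '\' and line breaks untouched, so the value can still alter the literal.
    static string ScriptBlockHtmlEncoded(string value) =>
        "<script>var name = '" + HttpUtility.HtmlEncode(value) + "';</script>";

    // Same sink, encoded for the context it lands in: a JavaScript string.
    // The second argument makes the encoder emit the surrounding double quotes.
    static string ScriptBlockJsEncoded(string value) =>
        "<script>var name = " + HttpUtility.JavaScriptStringEncode(value, true) + ";</script>";

    // HTML-encoded value inside an event-handler attribute. The HTML parser
    // decodes entities in attribute values before the script runs, so an
    // encoded quote is a real quote again by the time JavaScript sees it.
    static string OnclickHtmlEncoded(string value) =>
        "<a onclick=\"greet('" + HttpUtility.HtmlEncode(value) + "')\">hi</a>";

    // Nested contexts need layered encoding: JavaScript-encode for the string
    // literal first, then attribute-encode the result for the HTML attribute.
    static string OnclickLayered(string value) =>
        "<a onclick=\"greet("
        + HttpUtility.HtmlAttributeEncode(HttpUtility.JavaScriptStringEncode(value, true))
        + ")\">hi</a>";

    static void Main()
    {
        // Constructed sample: an apostrophe plus a trailing backslash.
        string sample = "O'Brien\\";

        Console.WriteLine("script block, HTML-encoded only:");
        Console.WriteLine("  " + ScriptBlockHtmlEncoded(sample));
        Console.WriteLine("script block, JavaScript-encoded:");
        Console.WriteLine("  " + ScriptBlockJsEncoded(sample));
        Console.WriteLine("onclick attribute, HTML-encoded only:");
        Console.WriteLine("  " + OnclickHtmlEncoded(sample));
        Console.WriteLine("onclick attribute, JavaScript- then attribute-encoded:");
        Console.WriteLine("  " + OnclickLayered(sample));
    }
}
```

In the two HTML-encoded-only lines the sample still changes the shape of the script (the trailing backslash escapes the closing quote in the `<script>` block, and the decoded apostrophe ends the literal early in the attribute), while the context-matched lines keep it as inert string data.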