Cross Script Attacks
-
I am trying to prevent cross script attacks on my site. Trouble is that it is a shared database and I can't guarantee the data coming back is not dangerous. So I am trying to HtmlEncode all data coming from the database. I am using a data access class to fetch all data. This class has a few methods to do this in different forms. Encoding a dataset is easy because you can simply loop through every item and encode it. The problem is with a DataReader. All items are read only, so how can I encode them before they are passed to other classes as a DataReader? Any ideas? Also, is there a better way to encode all data, like when it is rendering? Because nearly everything needs to be encoded.
-
If it is written in the document to use DataReader then you have to search a little more... or else just don't use DataReader... because you can then also work fine...
Ravi Kant Srivastava (System Analyst) HandsOn Technology & Engineering Gurgaon (India) e-mail:ravikant@hte.co.in
-
You could extend the DataReader class and override the ToString method to HTMLEncode everything.
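
One way to get encoded values out of a read-only DataReader at the point where they are read for rendering, without modifying the reader itself. This is an added example, not code from any poster in this thread; the helper name `GetHtmlEncoded`, the column names and the sample rows are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Globalization;
using System.Net;

// Hypothetical helper (name is an assumption): reads a column from any
// IDataRecord and returns it HTML-encoded, leaving the reader untouched.
public static class EncodedRecordExtensions
{
    public static string GetHtmlEncoded(this IDataRecord record, string column)
    {
        int ordinal = record.GetOrdinal(column);
        if (record.IsDBNull(ordinal))
            return string.Empty;                    // NULL renders as nothing

        // Convert every type to text first, then encode; numbers and dates
        // pass through unchanged, strings get < > & " ' escaped.
        string text = Convert.ToString(record.GetValue(ordinal),
                                       CultureInfo.InvariantCulture);
        return WebUtility.HtmlEncode(text);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data standing in for the shared database.
        var table = new DataTable();
        table.Columns.Add("Id", typeof(int));
        table.Columns.Add("Comment", typeof(string));
        table.Rows.Add(1, "<script>alert(1)</script>");
        table.Rows.Add(2, DBNull.Value);
        table.Rows.Add(3, "Tom & \"Jerry\"");

        using (IDataReader reader = table.CreateDataReader())
        {
            while (reader.Read())
            {
                Console.WriteLine("<td>{0}</td><td>{1}</td>",
                    reader.GetHtmlEncoded("Id"),
                    reader.GetHtmlEncoded("Comment"));
            }
        }
    }
}
```

The encoding here is correct for values placed in HTML element content; values written into attributes, URLs or script blocks need the encoder for that context.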