Proper Procedures to Prevent Cross Site Scripting.
-
Issue: I need to prevent cross site scripting.
Current Solution:
1. Create a token based on session id and time in the Global Session Start method.
2. Store token in hidden form variable on every page load.
3. On submission, compare form variable with session token.
Question: What is the proper way to implement my solution? This has to be wrong. I cannot see in any way how this would prevent CSS. Under no circumstances would the form variable differ from the session variable.
:)
-
Or just read this: How To: Prevent Cross-Site Scripting in ASP.NET
I know the language. I've read a book. - _Madmatt
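
An added example, not part of the thread or of the linked article: the token comparison from the question shown next to HTML output encoding, so the effect of each control on the same submitted value is visible. The random token (instead of session id plus time), the class and method names, and the sample comment are assumptions made for this example.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Text;

static class TokenVersusEncoding
{
    // Step 1 of the question. Assumption: random bytes are used here
    // instead of a value derived from session id and time.
    static string NewSessionToken()
    {
        var bytes = new byte[32];
        RandomNumberGenerator.Fill(bytes);
        return Convert.ToBase64String(bytes);
    }

    // Step 3: compare the hidden form field with the session token.
    // FixedTimeEquals returns false when the lengths differ.
    static bool TokenMatches(string sessionToken, string formToken)
    {
        if (sessionToken == null || formToken == null) return false;
        return CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(sessionToken),
            Encoding.UTF8.GetBytes(formToken));
    }

    // Writes the submitted value into the page unchanged.
    static string RenderRaw(string comment) => "<p>" + comment + "</p>";

    // HTML-encodes the submitted value before writing it into the page.
    static string RenderEncoded(string comment) =>
        "<p>" + WebUtility.HtmlEncode(comment) + "</p>";

    static void Main()
    {
        string sessionToken = NewSessionToken();
        string hiddenField = sessionToken;            // step 2: echoed into the form
        string comment = "<script>alert(1)</script>"; // constructed sample input

        // The token check looks only at the token, never at the other fields,
        // so a form posted from the user's own page passes whatever it carries.
        Console.WriteLine("own form, token check:   " + TokenMatches(sessionToken, hiddenField));
        // A request that did not come from the page has no valid token.
        Console.WriteLine("request without token:   " + TokenMatches(sessionToken, ""));
        // Only encoding changes what the browser receives for the field value.
        Console.WriteLine("raw output:     " + RenderRaw(comment));
        Console.WriteLine("encoded output: " + RenderEncoded(comment));
    }
}
```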