GibbsUSA.net Blogs  

Sunday, February 05, 2012


10/26/2006 4:28 PM: Trapping dangerous client input (e.g. cross-site script HTML)

With the .NET Framework 1.1, Microsoft introduced the HttpRequestValidationException class.

This exception is thrown when a potentially dangerous input string is received from the client.

To trap this exception, override the OnError method of System.Web.UI.Page. For example, add the following code to your page:

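protected override void OnError(EventArgs e)
{
	// Exception that triggered the page's Error event (null if there is none).
	System.Exception theError = Server.GetLastError();

	if (theError != null && theError.GetBaseException() is System.Web.HttpRequestValidationException)
	{
		// Debug builds only: flag the rejected request while developing.
		System.Diagnostics.Debug.Assert(false);
		// Mark the error as handled so the default error page is not shown.
		Server.ClearError();
		Response.Write("<hr><p align=center>BAD BOY!!! You are trying to insert HTML tags or XSS script to the field.<br>Please use the button below to remove the tags from your input!<br><br>Thank you...</p>");
		Response.Write("<p align=center><input type=button language=javascript value='<< BACK' onclick ='window.history.go(-1);'></p><hr>");
		Response.StatusCode = 200;
		Response.End();
	}
	else
	{
		// Every other error follows the normal Page error handling.
		base.OnError(e);
	}
}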
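
The same trap can be applied site-wide and logged for later review. The following is an added example, not code from the original post: the class name Global, the SingleLine helper, the 400 status code and the use of System.Diagnostics.Trace for logging (which needs the TRACE compile symbol) are all assumptions.

```csharp
// Global.asax.cs -- added example, not from the original post.
using System;
using System.Web;

public class Global : HttpApplication
{
    // Runs for any unhandled exception in the application, so every page
    // gets the same treatment without overriding OnError on each one.
    protected void Application_Error(object sender, EventArgs e)
    {
        Exception error = Server.GetLastError();
        if (error == null ||
            !(error.GetBaseException() is HttpRequestValidationException))
        {
            return; // leave other errors to the normal error pipeline
        }

        // Record the rejection. The exception message quotes part of the
        // rejected input, so strip line breaks before it reaches the log.
        System.Diagnostics.Trace.TraceWarning(
            "Request validation rejected input: path={0} client={1} detail={2}",
            Request.Path,
            Request.UserHostAddress,
            SingleLine(error.GetBaseException().Message));

        Server.ClearError();
        Response.Clear();
        Response.StatusCode = 400; // assumption: report a bad request
        Response.ContentType = "text/html";
        // Fixed text only: the rejected input is never echoed back.
        Response.Write("<p>Your input contained HTML markup, which this " +
                       "site does not accept. Please go back and remove it.</p>");
        Response.End();
    }

    // Hypothetical helper: collapse CR/LF so one event is one log line.
    private static string SingleLine(string text)
    {
        return text == null ? "" : text.Replace('\r', ' ').Replace('\n', ' ');
    }
}
```

Request validation only rejects input that looks like markup, so any page that displays user-supplied values should still HTML-encode them on output.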
This entire web site (and the software contents therein) is Copyright © Chris Gibbs 2000-2012.
Any reproduction or copying is expressly forbidden without the prior consent of Chris Gibbs.