Anti XSS and Classic ASP

security asp-classic xss
Steoates picture Steoates · Apr 7, 2009 · Viewed 20.9k times · Source

I'm currently trying to secure my classic ASP application from XSS. I came across the AntiXSS from Microsoft on the net and I was wondering if this would work with a classic application?

If not do you have any ideas how I could go about sanitizing the strings?

Answer

missaghi picture missaghi · Apr 7, 2009

To sanitize strings I would HTML encode all output, that way you don't have to dink around with special characters or huge regex expressions 

Server.HTMLEncode(string)

The two most important countermeasures to prevent cross-site scripting attacks are to:

  • Constrain input.
  • Encode output.

via How To: Prevent Cross-Site Scripting in ASP.NET (i know i'ts not classic asp but there are similar principals)

Related questions

Classic ASP SQL Injection Protection

What is a strong way to protect against sql injection for a classic asp app? FYI I am using it with an access DB. (I didnt write the app)

Read More
How exactly do you configure httpOnly Cookies in ASP Classic?

I'm looking to implement httpOnly in my legacy ASP classic sites. Anyone knows how to do it?

Read More
Good way to sanitize input in classic asp

I have to update old projects at work. I do not have any experience with classic asp, although i'm familiar with php scripting. Are there any functions I should use? Can you provide me with a good function for some …

Read More