Anti XSS and Classic ASP

Steoates picture Steoates · Apr 7, 2009 · Viewed 20.9k times · Source

I'm currently trying to secure my classic ASP application from XSS. I came across the AntiXSS from Microsoft on the net and I was wondering if this would work with a classic application?

If not do you have any ideas how I could go about sanitizing the strings?

Answer

missaghi picture missaghi · Apr 7, 2009

To sanitize strings I would HTML encode all output, that way you don't have to dink around with special characters or huge regex expressions

Server.HTMLEncode(string) 

The two most important countermeasures to prevent cross-site scripting attacks are to:

  • Constrain input.
  • Encode output.

via How To: Prevent Cross-Site Scripting in ASP.NET (i know i'ts not classic asp but there are similar principals)