0

Possible Duplicate:
Best way to handle security and avoid XSS with user entered URLs

Using .Net 4, I have a user setting for specifying the URL to be linked via the company LOGO.

I would like to make this secure from an XSS standpoint, but it doesn't seem like the .Net stuff is making it easy. I've been using Uri, but it seems to puke all over itself when the URL is relative.

How does one go about doing this in a manner that's XSS safe?

Community
  • 1
  • 1
Fred
  • 3,786
  • 7
  • 41
  • 52
  • 1
    What do you mean by User setting? I am having a hard time understanding why you think what you would be doing or what anyone would be doing would open up a cross site scripting attack point? Did you mean something safe from a javascript injection attack? – Scott Stevens Jan 08 '13 at 22:16
  • User inputs a URL, it gets saved to the DB, and output in an href attribute of an anchor tag. – Fred Jan 09 '13 at 02:04

0 Answers0