List of special charter which cause issue on post

Question

I want to avoid script injection in my already running asp.net application, so I have added FilteredTextBoxExtender with every text box at run time on Pagebase Init event and that works perfectly, where I have defined "<>&" charters which are invalid.

I want to know all special charters which cause an issue for script injection.

score 0 · Accepted Answer · edited May 23 '17 at 12:05

0

Try using Server.HTMLEncode and Server.HTMLDecode.

The less-than character (<) is converted to <.
The greater-than character (>) is converted to >.
The ampersand character (&) is converted to &.
The double-quote character (") is converted to ".
Any ASCII code character whose code is greater-than or equal to 0x80 is converted to &#, where is the ASCII character value.

More details
http://msdn.microsoft.com/en-in/library/ms525347%28v=vs.90%29.aspx

Edit 1

Some SO links
ASP.NET Server.HtmlEncode Limitations
Why is Server.HtmlEncode required?

Edit 2

You can refer to this link
What characters or character combinations are invalid when ValidateRequest is set to true?

edited May 23 '17 at 12:05

Community

1
1

answered Mar 13 '13 at 11:36

शेखर

17,412
13
61
117

But if I allow those characters to be valid and even encode it, then I have to set validateRequest="false" which I cant do cause of some other security issues .. – Neeraj Kumar Gupta Mar 13 '13 at 11:43
so these are only charters which cause issue ? – Neeraj Kumar Gupta Mar 13 '13 at 11:44
@NeerajKumarGupta I have update my answer which has a similar link. – शेखर Mar 13 '13 at 11:47

List of special charter which cause issue on post

1 Answers1

Edit 1

Edit 2