how to solve Cross-site scripting (XSS) vulnerabilities asp.net

Asked Apr 03 '13 at 07:12

Active Apr 03 '13 at 07:12

Viewed 992 times

While using

return Json(educationModel, JsonRequestBehavior.AllowGet);

Where educationModel is the object of the controller which iam using.

But I am getting an security issue shown below.

"The method sends unvalidated data to a web browser ,which can result in the browser executing malicious code".

I understand it is because of "Cross-site scripting (XSS) vulnerabilities".

I am using MVC 3.0 with Framework 4.0.

Can any one give me the solution for this?How to fix this?

Thanks in advance

asked Apr 03 '13 at 07:12

user2223819

Have you tried using ValidateAntiForgeryToken ? – Karthik Chintala Apr 03 '13 at 07:15
No i didn't , can you please elaborate or share the code snippet please? – user2223819 Apr 03 '13 at 07:21
@karthik ValidateANtiForgeryToken is for CSRF attacks. for XSS http://msdn.microsoft.com/en-us/library/ms972969.aspx#securitybarriers_topic6 http://stackoverflow.com/questions/3955658/how-do-you-avoid-xss-vulnerabilities-in-asp-net-mvc – Ravi Gadag Apr 03 '13 at 07:42
Can any one help me out? – user2223819 Apr 03 '13 at 07:57
@Ravi yes you are correct – Karthik Chintala Apr 03 '13 at 08:32
@user2223819 here is the [Magazine from msdn on AntiXSS](http://msdn.microsoft.com/en-us/magazine/hh708755.aspx) and a blog post from [JGalloway](http://weblogs.asp.net/jgalloway/archive/2011/04/28/using-antixss-4-1-beta-as-the-default-encoder-in-asp-net.aspx) – Karthik Chintala Apr 03 '13 at 08:35
any help . Please give me some solutions. – user2223819 Apr 03 '13 at 08:47

0 Answers0