posted on Saturday, January 31, 2004 9:02 PM by stefandemetz

Hardening ASP.NET - avoid cross site scripting and script injection - Part 1

Scott Hanselman's excellent article on MSDN shows how to filter dangerous characters from input. My take was to override the TextBox, TextArea and Password controls and add a custom property with validating code for characters, numeric, allAllowed and noDangerousChars. This allows for setting the proper data validation at runtime.

Here is more

All the failing input should be logged!!
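One way to build such a control with logging of rejected input, as an added example that is not the author's code. The names `ValidatedTextBox`, `InputMode`, `Mode`, `IsInputValid` and `LogRejected` are hypothetical, and the three character sets are assumptions, since the post does not define them.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web.UI.WebControls;

// Validation modes named after the ones listed in the post.
public enum InputMode { Characters, Numeric, AllAllowed, NoDangerousChars }

// Hypothetical control; TextBox covers password and multi-line input via TextMode.
public class ValidatedTextBox : TextBox
{
    // Assumed patterns: the post does not define the exact character sets.
    private static readonly Regex Letters = new Regex(@"^[A-Za-z ]*$");
    private static readonly Regex Digits = new Regex(@"^[0-9]*$");
    private static readonly Regex Dangerous = new Regex(@"[<>""'%;()&+]");

    // Stored in ViewState so a mode assigned at runtime survives postbacks.
    public InputMode Mode
    {
        get { object o = ViewState["Mode"]; return o == null ? InputMode.NoDangerousChars : (InputMode)o; }
        set { ViewState["Mode"] = value; }
    }

    // True when the posted text satisfies the current mode; failures are logged.
    public bool IsInputValid()
    {
        string value = Text ?? string.Empty;
        bool ok;
        switch (Mode)
        {
            case InputMode.Characters: ok = Letters.IsMatch(value); break;
            case InputMode.Numeric: ok = Digits.IsMatch(value); break;
            case InputMode.AllAllowed: ok = true; break;
            default: ok = !Dangerous.IsMatch(value); break;
        }
        if (!ok) LogRejected(value);
        return ok;
    }

    private void LogRejected(string value)
    {
        // Never write password fields to the log; cap and escape everything else.
        bool secret = TextMode == TextBoxMode.Password;
        if (value.Length > 200) value = value.Substring(0, 200);
        string safe = secret ? "[withheld]" : Regex.Replace(value, @"[\x00-\x1F\x7F""\\]",
            m => "\\x" + ((int)m.Value[0]).ToString("X2"));
        System.Diagnostics.Trace.WriteLine(string.Format(
            "{0:u} rejected input control={1} mode={2} value=\"{3}\"", DateTime.UtcNow, UniqueID, Mode, safe));
    }
}
```

Call `IsInputValid()` in the postback handler before using `Text`; the check complements HTML-encoding on output rather than replacing it.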

 

 
