How to prevent XSS attack for asp.net application? I cannot changed the existing applicaiton, what I can do is only to add some codes to it.
There are some programs that can clean the HTML. But how can I tell which script is "good" tags in the application and which one is "bad" tags which comes from attackers.
For example <scrip>Document.wirte("...")</script> may be "good" script which is needed in the application. It may also be "bad" script that comes from attackers.