Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 340
  • Last Modified:

Using Razor and reducing chance of an html injection attack

Please explain what an html injection attack is, then explain how razor reduces (or eliminates) those from occurring.

1 Solution
käµfm³d 👽Commented:
Pretty much any "injection" attack is where you abuse a vulnerability in a page to insert raw code into an unvalidated field and have it processed as regular code by engine associated with that code. For example, inserting raw SQL into a text box that is not validated and is passed to a backend database using a concatenated query gives you SQL injection. Posting javascript into a text box that is not validated and is echoed back to the browser gives you an HTML/script injection. This type of injection is also associated with cross-site scripting (XSS). Attacks such as these are why validation of user input is absolutely necessary. All user input should be verified and you should not rely on javascript alone to perform your validations as javacript is a client-side technology and easily circumvented.

I cannot comment on Razor as I have yet to use it  = )
newbiewebSr. Software EngineerAuthor Commented:

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now