Using Razor and reducing chance of an html injection attack

Posted on 2011-10-17
Last Modified: 2012-08-13
Please explain what an html injection attack is, then explain how razor reduces (or eliminates) those from occurring.

Question by:newbieweb
    LVL 74

    Accepted Solution

    Pretty much any "injection" attack is where you abuse a vulnerability in a page to insert raw code into an unvalidated field and have it processed as regular code by engine associated with that code. For example, inserting raw SQL into a text box that is not validated and is passed to a backend database using a concatenated query gives you SQL injection. Posting javascript into a text box that is not validated and is echoed back to the browser gives you an HTML/script injection. This type of injection is also associated with cross-site scripting (XSS). Attacks such as these are why validation of user input is absolutely necessary. All user input should be verified and you should not rely on javascript alone to perform your validations as javacript is a client-side technology and easily circumvented.

    I cannot comment on Razor as I have yet to use it  = )

    Author Closing Comment


    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    Introduction This article shows how to use the open source plupload control to upload multiple images. The images are resized on the client side before uploading and the upload is done in chunks. Background I had to provide a way for user…
    Today I had a very interesting conundrum that had to get solved quickly. Needless to say, it wasn't resolved quickly because when we needed it we were very rushed, but as soon as the conference call was over and I took a step back I saw the correct …
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now