XSS in Classic ASP
Posted on 2012-03-24
I have a giant sprawling site written in Classic ASP with many, many pages and forms. We are looking for a solution that can help protect against cross-site scripting attacks. The ideal solution would be able to implement a custom regular expression (we would write that) globally or at the page level. We are aware of the standard solutions of validating input and encoding output using htmlEncode.
I need an out-of-the-box solution here, guys.
Possibility: Is there any way to override the Response object, or Response.Write in particular, to have it validate before it writes... and similarly for the Request object?
Other info: We do have a file that is included into every page. This could be used to implement a page level solution quickly.
Thanks in advance for your brain power!
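
A sketch of the shared-include approach the post describes, added here as an example and not part of the original post: the include checks every query-string and form value against one regular expression before page code runs, and provides an encoding wrapper for output. The file name, the function names and the pattern are assumptions; the pattern is a placeholder for the site's own expression.

```vbscript
<%
' xss_guard.asp: hypothetical file, pulled in through the include that
' every page already loads. All names below are illustrative.

Dim g_xssPattern
Set g_xssPattern = New RegExp
g_xssPattern.IgnoreCase = True
g_xssPattern.Global = False
' Placeholder pattern: substitute the site's own regular expression.
g_xssPattern.Pattern = "<\s*/?\s*[a-z!]|on\w+\s*=|javascript\s*:"

' True when any value in a Request collection matches the pattern.
Function CollectionIsSuspicious(coll)
    Dim key, i
    CollectionIsSuspicious = False
    For Each key In coll
        ' One key can carry several values (repeated fields), 1-based.
        For i = 1 To coll(key).Count
            If g_xssPattern.Test(coll(key)(i)) Then
                CollectionIsSuspicious = True
                Exit Function
            End If
        Next
    Next
End Function

' Input side: reject the request before any page code runs.
Sub GuardRequest()
    If CollectionIsSuspicious(Request.QueryString) _
       Or CollectionIsSuspicious(Request.Form) Then
        Response.Status = "400 Bad Request"
        Response.Write "Invalid input."
        Response.End
    End If
End Sub

' Output side: pages call this instead of Response.Write for untrusted data.
Sub WriteEncoded(value)
    If IsNull(value) Then Exit Sub
    Response.Write Server.HTMLEncode(CStr(value))
End Sub

GuardRequest
%>
```

Reading Request.Form here prevents a later Request.BinaryRead on the same request, so pages that handle multipart uploads need to skip the form check. Cookies and server variables are not covered by this sketch.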