OEGrasshopper
asked on
XSS in Classic ASP
I have a giant sprawling site written in classic asp with many, many pages and forms. We are looking for a solution that can help protect against cross site scripting attacks. The ideal solution would be able to implement a custom regular expression (we would write that) globally or at the page level. We are aware of the standard solutions of validating input and encoding output using htmlEncode.
I need an out of the box solution here guys.
Possibility: Is there any way to override the Response Object or Response.Write in particular to have it validate before it writes...and similarly for the Request object?
Other info: We do have a file that is included into every page. This could be used to implement a page level solution quickly.
Thanks in advance for your brain power!
I need an out of the box solution here guys.
Possibility: Is there any way to override the Response Object or Response.Write in particular to have it validate before it writes...and similarly for the Request object?
Other info: We do have a file that is included into every page. This could be used to implement a page level solution quickly.
Thanks in advance for your brain power!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER