ASP Classic filter for “onmouseover” keyword xss

DarenUS

New Member
It's a redundant question on the Internet, but yet, no simple answer. I know I won't get rid of all XSS simply by filtering, but I'd like to start with it. I am currently working on an ASP Classic project with server code written in JScript (not the usual VBScript). We found that we were vulnerable to some XSS attacks. One is pretty tough to get rid of, since I am not a JavaScript master. When you use a URL like the one below, the attack is successful.

\[quote\] http://www.google.com\[/quote\]

I tried the HTMLEncode, the replace method on the NumVol parameter string... But it still displays the cookie. All I'm looking for is a small replace method, a regex or whatever simple thing to manage that particular case. This is an old production app and they don't want to spend much time on it. Just some security basics. We are definitely not installing a library that relies on .NET (like OWASP) to fix this for now, because we will rebuild the app in .NET soon.
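An added example, not part of the original post: instead of filtering the `onmouseover` keyword, encode the reflected value for the HTML attribute context, always quote the attribute, and reject input that does not have the expected shape. It assumes NumVol is numeric and is written back inside a quoted attribute value; the function names are hypothetical, and the code is ES3-style JavaScript so it can also be pasted into server-side JScript.

```javascript
// Added example (not the poster's code). ES3 syntax only, so it also works
// in a classic ASP page declared with <%@ Language="JScript" %>.

// Encode for an HTML attribute value: every character below 256 that is not
// an ASCII letter or digit becomes a numeric character reference. Quotes,
// spaces, "=", "<", ">" and "&" can then never end the attribute or start a
// new one, so no event-handler keyword list is needed.
function encodeForHtmlAttribute(value) {
  var s = String(value == null ? "" : value);
  var out = [];
  for (var i = 0; i < s.length; i++) {
    var c = s.charCodeAt(i);
    var isAlnum = (c >= 48 && c <= 57) ||   // 0-9
                  (c >= 65 && c <= 90) ||   // A-Z
                  (c >= 97 && c <= 122);    // a-z
    out.push(isAlnum || c >= 256 ? s.charAt(i) : "&#" + c + ";");
  }
  return out.join("");
}

// Allowlist validation. ASSUMPTION: NumVol is a short decimal number.
// Returns the digit string, or null when the input must be rejected.
function parseNumVol(raw) {
  var s = String(raw == null ? "" : raw);
  return /^[0-9]{1,10}$/.test(s) ? s : null;
}

// Write the value back into the page. The attribute is always wrapped in
// double quotes; an unquoted attribute can be broken out of with a space.
// In ASP the raw value would come from Request.QueryString("NumVol").
function renderNumVolInput(raw) {
  return '<input type="text" name="NumVol" value="' +
         encodeForHtmlAttribute(raw) + '">';
}

// Constructed sample inputs for illustration.
var SAMPLE_OK = "12345";
var SAMPLE_HOSTILE = '1" onmouseover="alert(1)';
```

Validation decides whether the request is processed at all; encoding is still applied at output so that any value that reaches the page is rendered as text.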