XSS - Output Encoding in URL
0 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Vikas_batra
Posted On:   Wednesday, February 8, 2006 06:13 AM

Input validation is one of the fixes to XSS. Do you think it is a fool proof solution? As getting a comprehensive list of all the acceptable patterns is very difficlut. From the docs that I have gone through I have found that Output Encoding is a better and preffered approach. However I am not able to relate this to URL level parameters. Will encoding of these parameters help, as the encoding schemes are more or less universal and any hacker can easliy encode the mailcious code in the encoding that I might be using.
If you think it makes sense please let me know how can this be achieved.

Thanks
Vikas

About | Sitemap | Contact