Wednesday, February 8, 2006 06:13 AM
Input validation is one of the fixes to XSS. Do you think it is a foolproof solution? Getting a comprehensive list of all the acceptable patterns is very difficult. From the docs that I have gone through, I have found that Output Encoding is a better and preferred approach. However, I am not able to relate this to URL-level parameters. Will encoding of these parameters help, as the encoding schemes are more or less universal and any hacker can easily encode the malicious code in the encoding that I might be using?
If you think it makes sense, please let me know how this can be achieved.
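An added example, not part of the original post: it shows output encoding applied to a URL parameter at the moment the value is written into a page, so the result is the same however the sender encoded the request. The post names no platform, so Python's standard library is assumed here, and the `name` parameter and `/profile` path are hypothetical.

```python
from html import escape
from urllib.parse import parse_qs, quote


def get_param(query_string, key="name"):
    # Web frameworks percent-decode query parameters before the app sees them,
    # so raw and percent-encoded requests arrive as the same string.
    return parse_qs(query_string, keep_blank_values=True).get(key, [""])[0]


def render_unsafe(query_string):
    # Reflects the decoded value straight into HTML: any markup in it is live.
    return "<p>Hello " + get_param(query_string) + "</p>"


def render_encoded(query_string):
    value = get_param(query_string)
    # HTML body context: &, <, >, " and ' become entities.
    body = escape(value, quote=True)
    # URL parameter context: percent-encode the value, then
    # HTML-attribute-encode the finished URL.
    href = escape("/profile?name=" + quote(value, safe=""), quote=True)
    return "<p>Hello " + body + '</p><a href="' + href + '">profile</a>'


# Constructed sample requests: the same test string sent raw, sent
# percent-encoded, and sent already HTML-entity-encoded by the sender.
RAW = "name=<script>alert(1)</script>"
PERCENT = "name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
PRE_ENTITY = "name=%26lt%3Bscript%26gt%3B"

if __name__ == "__main__":
    for qs in (RAW, PERCENT, PRE_ENTITY):
        print("unsafe :", render_unsafe(qs))
        print("encoded:", render_encoded(qs))
```

Input the sender has pre-encoded is encoded again on output, so the browser displays it as literal text instead of parsing it as markup.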