.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

Prevent XSS attack

Posted By:      Posted Date: September 14, 2010    Points: 0   Category :ASP.Net
I have a web form that needs to accept XML/HTML codes.  The default requestValidation is disabled (because that will prevent ANY XML tag.)  The site is internal only and only a few people have access to that form, but I still want to include protection against XSS.  My question is, what should I look for to filter out?Strings that begin with <script is an obvious one.I supposed javascript: is also bad.What else?

View Complete Post

More Related Resource Links

Prevent from Cross-Site Scripting Attack


Hi All

I am really facing a major problem from Cross-Site Scripting Attack, Could anybody help me it would be really grateful. Below is sample script which automatically gets inserted into my HTML and ASPX Pages.

"<script src=http://avidmarketing.ie/images/rc3/companybuttonwhite.php ></script>"

Thanks in Advance


Debug Leaky Apps: Identify And Prevent Memory Leaks In Managed Code


When is the .NET Garbage Collector unable to reclaim memory? The answer might surprise you. Stay tuned.

James Kovacs

MSDN Magazine January 2007

Attack Surface: Mitigate Security Risks by Minimizing the Code You Expose to Untrusted Users


In this article, Microsoft security expert Michael Howard discusses the cardinal rules of attack surface reduction. His rules - reduce the amount of code executing by default, reduce the volume of code that is accessible to untrusted users by default, and limit the damage if the code is exploited - are explained along with the techniques to apply the rules to your code.

Michael Howard

MSDN Magazine November 2004

Prevent loading big images ..



i need to prevent loading big images e.g max 100KB

but i only store url

1. user put url with image (i remember this string in database not image itself)

this cause that i can not check image size before store url in database

because user can store url and after this operation put bigger file at that location)

2. my web page generate some different image based on first image

and i need to load portion of image 

to stream and set buffer size to 100KB + 1 Byte

if stream is larger than 100KB that user put bigger file 

how can i accomplish that?

FileStream can not use URI as location only disc location

what should i use instead?

please help,

Karol Bieniaszewski

Prevent Concurrent Logins ? [ Already logged in or currest session is still active implementation] ?


Hi Experts ,

I searched over the web but no luck so far and thought of getting some help form gurus .

Did any out really implemented a way to handle concurrent logins ?

Please not that i'm no using either forms authentication or Roles/Memberships , I do have custom authentication for my website .

I'm sure it is someway related  with global.asax file handling something in application events and session events but unable to figure this one out .

Any pointers will highly be valued and appreciated .

Thanks a tonne in advance .

how to write a stored proc to prevent multiple users in uploading the reports at a time? plsss help



I wanted to know how to prevent more than one user from uploading the report at a time .I am new to .net ,plss help with the code that would be great.Details are below:

This is a Windos based app written in c# . When User A  clicks Upload option on  one server  from the menu  to upload the files  and at the same time when User B clicks Upload option on different server , User B should be alerted a message saying "User A's uploading is in progress,pls wait" . How to achieve this, plsss help with the code.. I am thinking this logic should be kept in a stored proc, How do I write that proc? plss help


Thanks in advance!

How do I prevent displaying membership of an AD group in Colleague Tracker web part?


I'm a big fan of the Colleague Tracker web part in MOSS 2007 My Sites, especially the option to show 'Membership Changes'. This is often useful in highlighting that a colleague has been added to a certain AD group.

We now want to hide the membership of certain AD groups from the colleague tracker. For example, if an AD group called 'Project X' is created, we don't want membership of the group broadcast throughout the My Sites where colleagues are tracking colleagues.

My first thought was that we could use AD to 'deny read' on the 'Project X' AD group to all SharePoint related service accounts. This does not appear to have worked, although perhaps the configuration is more complex? The best approach would seem to be to prevent the group membership data ever being imported from AD to the SSP, hence my 'deny read' approach.

Has anyone successfully implemented this, or does anyone have any better ideas?


How to detect and prevent new browser instance


Hi Folks,

I have a problem w/ a web app which is probably fairly common, but I cannot find any solutions anywhere. Hopefully someone will have an idea.

The web app in question provides a UI for editing a client (in the business sense, not the browser sense), identified by a ClientID.  I store the ClientID in Session, which gets passed from page to page, along with a number of other pieces of data in Session.  Works great.

The problem is that if the user opens a new browser window using Ctrl N or File->New Window (in IE), the new window comes up with the same page as the current page, with the same session info. Then if the user navigates to a different client in the 2nd window, the ClientID in session refers to the new client. If they go back to the original browser window and save, the original client gets saved using the 2nd ClientID, and all hell breaks loose, because now the data from the two jobs are intertwined.

I have enabled trace and verified that the new browser window uses the same SessionID as the original.  If an entirely new instance of IE is opened, it has a different SessionID, so is not a problem.  I have not yet investigated other browsers, such as Chrome or Firefox.

Is there any way to determine if a browser instance is opened for a web app which is already open in

Combobox SelectionChanged: Prevent firing for every keystroke?

Is it possible for this event to fire only when the user clicks an item from combobox with the mouse or when they hit enter on it like the old 2.0 combobox worked? I have tried messing aroudn with the new selectionchanged event but I cannot figure it out. I looked on the forums here for help but only found someone returning the even to fire only when items they type are in the combobox. Thanks all help appreciated.GINtech Systems Owner

To prevent possible data loss before loading the designer, the following errors must be resolved: In

To prevent possible data loss before loading the designer, the following errors must be resolved: The class Form can be designed, but is not the first class in the file. Visual Studio requires that designers use the first class in the file. Move the class code so that it is the first class in the file and try loading the designer again. Instances of this error (1) 1. Hide Call Stack at System.ComponentModel.Design.Serialization.CodeDomDesignerLoader.EnsureDocument(IDesignerSerializationManager manager) at System.ComponentModel.Design.Serialization.CodeDomDesignerLoader.PerformLoad(IDesignerSerializationManager manager) at Microsoft.VisualStudio.Design.Serialization.CodeDom.VSCodeDomDesignerLoader.PerformLoad(IDesignerSerializationManager serializationManager) at System.ComponentModel.Design.Serialization.BasicDesignerLoader.BeginLoad(IDesignerLoaderHost host) Thanks! This post is from Matthew Cenance.

How to prevent thread form being stopped/aborted?

I'm not sure if it's a CLR related issue but at the same time i can't say it isn't. The problem is as follows: I have created a windows forms user control that spawns a thread(running a form). The thread is not a background thread and it's not supposed to exit until the form gets closed. It works as desired when the control is hosted in a windows forms application. The problem starts when i want to host it inside a html page. All works fine as long as the page containing the control is opened. Things get a bit weird when i redirect or close the tab(not the window; more tabs are opened). Exactly 1 minute from this moment the thread gets aborted. public partial class IEControl : UserControl { public IEControl() { InitializeComponent(); } private System.Threading.Thread t; private MainForm mf; private void IEControl_Load(object sender, EventArgs e) { GoThread(); } public void GoThread() { try { t = new System.Threading.Thread(RunForm); t.IsBackground = false; t.Start(); } catch (Exception ex) { MessageBox.Show(ex.Message); } } private void RunForm() { mf = new MainForm(); Application.Run(mf); GC.KeepAlive(mf); GC.KeepAlive(this); } } I'm a bit confused at this point. Where could I get any information on this topic if it's not a CLR/GC related issue.

How to prevent Propagation from subscriber to Publisher in some occations

We are using merge application. We need sometimes delete some tables at subscriber and that delete command or any other command  should not propagate to Publisher and other subscribers. And sometimes it should be refilled from Publisher. Is it possibe? Second question : My publisher crashed two times. I could attach the database after restoring the OS. But at subscriber I am unable to modify some table and it gives the error invalid object name 'dbo.msmerge.......'. Replication is working fine. What is the reason for this error and how I can get rid of it?

How to Prevent the expand/collapse behaviour of my Custom Activity?

  How can I prevent the expand feature of my custom activity with custom designer ? I have custom WF4 activities with Custom designers. These activities are not container activities. I just want to prevent the expand feature of the same; just like Assign activity. I set the Collapsible attribute of teh ActivityDesigner false; but still it is expanding to the next level. Thanks AmbilyIT Analyst

How to prevent a C# Winforms program from appearing in Task Manager?

How to prevent a C# Winforms program from appearing in Task Manager?   thank's in advance

How to prevent Javascript window to steal focus

Hi,I have made an asp.net web application in which i open a javascript window for 4 seconds at regular interval . The problem is that when window opens it steals focus from current application. For example when application is running in background or is minimized and i am typing in word/Excel or outlook, the window pops up and steals the input focus.I want to popup window in some way that it never steal focus from some other application, just like msn or gtalk notification when someone sign in/out.Please suggest how it can be done ? Thanks

To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the s

The following error is issued following 10 minutes of system inactivity: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: The message could not be processed. This is most likely because the action 'http://tempuri.org/IParticipant/SearchParticipants' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding. Per the message, I tried changing the app config on the client from     receiveTimeout     ="00:10:00" to     receiveTimeout="10:00:00" but the change seems to have no impact.  What am I missing?
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend