Sunday, August 1, 2010

Protect yourself from XSS attacks with the new ASP.NET 4.0 nuggets

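In ASP.NET 4.0, you can replace your usual habit of using <%= %> with the new nugget <%: %>, which HTML-encodes the value before writing it to the page.
This automatically protects your applications against cross-site scripting (XSS) and HTML injection attacks, and it avoids duplicate encoding, because values that implement IHtmlString are not encoded a second time.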

So you don't need to worry if you forget to encode a string in your .aspx files or to protect it using AntiXSS.

It's very useful in combination with the MVC 2.0 framework.
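
The difference between the two nuggets, as an added example that is not from the original post: a minimal .aspx page in which the `Untrusted` value is constructed sample input and the `Untrusted` and `Trusted` member names are assumptions made for illustration.

```aspx
<%@ Page Language="C#" %>
<script runat="server">
    // Constructed sample value standing in for untrusted input
    // (query string, form field, database row).
    protected string Untrusted = "<img src=x onerror=alert(1)> Tom & Jerry";

    // Markup the application built itself and has already encoded.
    // HtmlString implements IHtmlString, which tells the encoding nugget
    // that the value is ready to render and must not be encoded again.
    protected IHtmlString Trusted
    {
        get
        {
            return new HtmlString(
                "<strong>" + Server.HtmlEncode(Untrusted) + "</strong>");
        }
    }
</script>
<html>
<body>
    <%-- Before: the value is written to the response as-is, so the
         browser parses the markup it contains. --%>
    <p><%= Untrusted %></p>

    <%-- After: the value is HTML-encoded on output and shows up as text. --%>
    <p><%: Untrusted %></p>

    <%-- Same result as the line above, but the encoding call has to be
         remembered at every output site. --%>
    <p><%= Server.HtmlEncode(Untrusted) %></p>

    <%-- IHtmlString passes through unchanged: the <strong> element is
         rendered and the inner text is encoded exactly once. --%>
    <p><%: Trusted %></p>
</body>
</html>
```

`<%: %>` applies HTML encoding only, so a value written into a `<script>` block or a URL still needs the encoder for that context.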
