09 January, 2009
Prevention of cross-site scripting (XSS) attacks in ASP.NET
Posted by Ben Rowland in Web technology
Rob Conery's blog post on The Perfect Storm Botnet has a lot of great information on the Storm botnet and on how web developers can inadvertently contribute to the spread of the malware, which turns millions of computers into zombie spambots, via cross-site scripting (XSS) injection attacks through website form submissions. Fortunately, there is an easy way to prevent this in ASP.NET: use the Html.Encode() method on anything output to a webpage.
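As an added illustration (not code from this post or from Rob Conery's), the console program below renders the same form submission without and with HTML encoding. It uses `System.Net.WebUtility.HtmlEncode` as a stand-in for the view helper so that it runs outside ASP.NET; the class name, method names and sample input are constructed for the example.

```csharp
using System;
using System.Net;

static class CommentForm
{
    // Vulnerable: submitted values are concatenated into the markup unchanged.
    public static string RenderRaw(string name, string comment)
    {
        return "<input name=\"name\" value=\"" + name + "\" />\n"
             + "<p class=\"comment\">" + comment + "</p>";
    }

    // Hardened: every submitted value is HTML-encoded at the point of output.
    public static string RenderEncoded(string name, string comment)
    {
        return "<input name=\"name\" value=\"" + WebUtility.HtmlEncode(name) + "\" />\n"
             + "<p class=\"comment\">" + WebUtility.HtmlEncode(comment) + "</p>";
    }

    static void Main()
    {
        // Constructed sample submission (not taken from the post).
        string name = "\"><script>alert(1)</script>";
        string comment = "Great post! <script>alert(2)</script> Tom & Jerry";

        string raw = RenderRaw(name, comment);
        string safe = RenderEncoded(name, comment);

        Console.WriteLine("--- raw ---\n" + raw);
        Console.WriteLine("--- encoded ---\n" + safe);

        // Check: after encoding, no submitted markup survives as a tag.
        Console.WriteLine("raw contains <script>:     " + raw.Contains("<script>"));
        Console.WriteLine("encoded contains <script>: " + safe.Contains("<script>"));
    }
}
```

HTML encoding covers element content and quoted attribute values, as shown here. Values written into script blocks or URLs need the encoder for that context instead.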