Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Avoiding XSS vulnerabilities - whitelist?

Tags:

c#

security

xss

What are the best practices to prevent XSS vulnerabilities?

A lot of people on here have mentioned whitelists which sounds like a good idea, but I see many people define the whitelist using a RegEx. This seems inherently flawed because it depends on many factors, the least of which is the RegEx implementation and the skill of the person writing the expression not to make a mistake. Consequently a lot of XSS attacks succeed because they use techniques to make the regex accept them.

What are the best (though maybe more labor intensive than regex whitelist) ways to avoid these vulnerabilities/sanitize user input? Is it even theoretically possible to fully sanitize user input?

1 Answers

Have a look at AntiXSS library.

like image 128
Dmytrii Nagirniak Avatar answered Jan 31 '26 04:01

Dmytrii Nagirniak
Sign in to Comment

Related questions

C# regex to convert camelCase to Sentence case
ReSharper claims that my expression is always true? Is it correct or is it a bug?
UWP / EF Core SqlServer - Threading Dependency
How to invoke lambda method that is non-static using MethodInfo (uses <>c__DisplayClass1)
Extracting lambda expression from LINQ
Overload generic method from interface
Path generated via subst-command not found by System.IO
How to set background color of button in WPF?
Invalid postback or callback argument.Event validation is enabled using
read huge file line by line in c# [duplicate]
HowTo: Using MvcContrib.Pagination without using MvcContrib.Grid View
Server Side code Pushing Data to client Browser while current thread is busy Comet (programming)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!