Often this Cross Site Scripting has been talked during some site updates and been forgotten. Perhaps if you have installed .NET Framework 1.1, then Scripting and HTML tags via QueryStrings or HTML form tags are just stopped by the framework with the message similar to the following one:
Of course, the framework gives an option to enable the page being exempt from this HTTP Request Validations. But it is strongly recommended to have the framework validate your requests before they are being processed by our scripts. Is'nt it?A potentially dangerous Request.QueryString value was detected from the client (DocLinkUrl_Begin="javascript:window.opener...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in theconfiguration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.QueryString value was detected from the client (DocLinkUrl_Begin="javascript:window.opener...").
Related Links On Cross Site Scripting:
No comments:
Post a Comment