Using a Generic Method to Encode String Properties In Order To Avoid Cross Site Scripting Attacks

Cross Site Scripting Attacks (XSS Attacks) are a real problem; don't make the mistake of thinking they aren't in widespread use or that you are not vulnerable. During the development of your project you need to explicitly take steps to avoid exposing your site's visitors to this serious issue. You can use the Microsoft Web Protection Library to reduce the risk of XSS attacks; get it here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=f4cd231b-7e06-445b-bec7-343e5884e651

Recently I developed a simple generic method that I can pass objects to, which loops over the object's properties and automatically HTML encodes any that are strings. This is useful when you use ORM systems such as Linq2Sql or ADO.NET Entity Framework, which generate an object model of your database that often includes properties of type String.

Here is how to call the method:


Here is the code:

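As an added illustration (this is not the author's own method or the Web Protection Library's code), the following C# sketch implements the approach described above: a generic method that reflects over an object's public string properties and HTML-encodes each one in place, then returns the same object so the call can be chained. The `Customer` entity, its sample values, and the `HtmlEncodeStrings` name are constructed for this example; `System.Net.WebUtility.HtmlEncode` is used so the code runs with only the base class library, and the comment notes where the Web Protection Library's encoder could be substituted.

```csharp
using System;
using System.Net;
using System.Reflection;

// Added example, not the original post's code: HTML-encode every public,
// read/write string property of any object by reflecting over its type.
public static class HtmlEncoder
{
    // Generic so the caller gets back the same static type it passed in.
    public static T HtmlEncodeStrings<T>(T item) where T : class
    {
        if (item == null) return null;

        // Use the runtime type so properties of derived ORM entities are seen
        // even when the caller's static type is a base class.
        PropertyInfo[] props = item.GetType().GetProperties(BindingFlags.Public | BindingFlags.Instance);
        foreach (PropertyInfo prop in props)
        {
            // Only string properties with a public getter and setter are touched;
            // indexers (properties that take parameters) are skipped.
            if (prop.PropertyType != typeof(string)
                || !prop.CanRead || !prop.CanWrite
                || prop.GetIndexParameters().Length > 0)
            {
                continue;
            }

            string value = (string)prop.GetValue(item, null);
            if (value == null) continue;

            // WebUtility.HtmlEncode ships with .NET; if the Web Protection Library
            // (AntiXSS) is referenced, Microsoft.Security.Application.Encoder.HtmlEncode
            // can be used here instead.
            prop.SetValue(item, WebUtility.HtmlEncode(value), null);
        }
        return item;
    }
}

// Hypothetical ORM-style entity, constructed for this example.
public class Customer
{
    public int Id { get; set; }
    public string Name { get; set; }
    public string Notes { get; set; }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values containing markup that must not reach the page raw.
        var customer = new Customer
        {
            Id = 1,
            Name = "Alice <b>Smith</b>",
            Notes = "<script>alert('xss')</script>"
        };

        HtmlEncoder.HtmlEncodeStrings(customer);

        Console.WriteLine(customer.Name);
        Console.WriteLine(customer.Notes);
    }
}
```

Two practical points when using a method like this: encode once, at the point where the entity is handed to the view, rather than before saving to the database, otherwise a value that is loaded, encoded again and redisplayed shows up as `&amp;lt;` instead of `<`. And HTML encoding covers the HTML body and attribute contexts only; a property that ends up inside a JavaScript block or a URL needs the encoder for that context (the Web Protection Library provides separate ones).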
