Hi
I have had trouble on an older site with cross-site scripting attacks and I want to be extra sure that I have the proper level of validation in place for upgrading the site.
My question is:
If I have a RadGrid with template columns and the editForm in window mode, and use the standard ASP.NET validators, with regular expression validation for best security, what happens if the attacker has JavaScript turned off (the usual case)?
I.e. does the server-side equivalent validation take place anyway, and prevent the postback?
And if not, how do I add the server-side validation? I.e. get access to the edit or insert data before it is irrevocably saved to the database.
Additionally I would want to check for the insertion of words like script, select, insert, update, delete, files with .js extension etc.
Thanks!
Clive