Preventing cross-site scripting in ASP.NET MVC - using jQuery or standard HtmlHelpers
Posted by user313353 on Stack Overflow
Published on 2010-04-20T11:40:49Z
Indexed on 2010/04/20 11:43 UTC
I am building an ASP.NET MVC application that is AJAX-driven. For some reason I need to add some DOM elements on the fly when clicking a submit button. This is accomplished with jQuery.append().
One element inserted is a textarea, whose data must be parsed before submitting to ensure that no cross-site scripting can be done.
We know that the Html.Encode() works great but must be declared outside a script tag. All I have done with jQuery is embedded within a script tag.
1) Is there a way to take advantage of the Html.Encode() within a script tag?
2) How can I accomplish this with jQuery?
At worst I can use HttpUtility.HtmlEncode(), which is called on the server-side.
Thanks for your help.
Roland
© Stack Overflow or respective owner
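An added example, not part of the original post: the two encodings the question touches on, one for markup strings handed to jQuery's `.append()` and one for values placed inside an inline script block, where HTML encoding is the wrong encoder. The function names `escapeHtml`, `buildTextarea` and `toScriptLiteral` and the sample input are assumptions made for illustration.

```javascript
// Added example; function names are hypothetical and the sample input is constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for an HTML element body or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the markup string that would be passed to $(container).append(...).
// Both the attribute value and the textarea body are encoded for their context.
function buildTextarea(name, value) {
  return '<textarea name="' + escapeHtml(name) + '">' + escapeHtml(value) + '</textarea>';
}

// Encode a value as a JavaScript string literal for use inside an inline
// <script> block. JSON.stringify handles quotes and backslashes; the extra
// pass removes characters that could end the script element or, in older
// engines, break the literal (U+2028 / U+2029).
function toScriptLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Constructed sample: text that tries to close the textarea and open a script.
const sample = '</textarea><script>alert(1)</script>';

console.log(buildTextarea('comment', sample));
console.log('var initial = ' + toScriptLiteral(sample) + ';');
```

When the element already exists in the DOM, jQuery's `.text()` and `.val()` set content without parsing it as markup, so no manual encoding is needed on that path. Server-side encoding on output, such as the `HttpUtility.HtmlEncode()` call mentioned in the post, is still required because client-side code can be bypassed.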