How do I protect my website from javascript injection attacks when using rich text editors?

Posted by VJ on Stack Overflow See other posts from Stack Overflow or by VJ
Published on 2010-06-02T16:36:05Z Indexed on 2010/06/02 17:33 UTC
Read the original article Hit count: 276

Filed under:

asp.net-mvc-2

|

markitup

|

javascript-injection

Hi all I am using the markitup editor to get the value for one of my fields and storing it a sql server 2008 db. Now I guess the problem is people having script tags and javascript in the editor and injecting malicious scripts and I have my validate input turned false. So can anyone suggest me a way to write a custom validation method that maybe checks for script tags and removes them...or just guide me through the steps i need to do ?...also are there other things also that I should be worried about..?

© Stack Overflow or respective owner

Related posts about asp.net-mvc-2

Migrating ASP.NET MVC 1.0 applications to ASP.NET MVC 2 RTM

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Note: ASP.NET MVC 2 RTM isn’t yet released! But this tool will help you get your ASP.NET MVC 1.0 applications ready for when it is! I have updated the MVC App Converter to convert projects from ASP.NET MVC 1.0 to ASP.NET MVC 2 RTM. This should be last the last major change to the MVC App Converter… >>> More
ASP.NET MVC 3 Hosting :: New Features in ASP.NET MVC 3

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
Razor View Engine The Razor view engine is a new view engine option for ASP.NET MVC that supports the Razor templating syntax. The Razor syntax is a streamlined approach to HTML templating designed with the goal of being a code driven minimalist templating approach that builds on existing C#, VB… >>> More
PathTooLongException after migrating from ASP.NET MVC 1 to ASP.NET MVC 2

as seen on Stack Overflow - Search for 'Stack Overflow'
I had updated my app from MVC 1 to MVC 2. After that some pages throws PathTooLongException: [PathTooLongException: The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters.] … >>> More
Differece between Asp.net MVC 1 and Asp.net MVC 2

as seen on Stack Overflow - Search for 'Stack Overflow'
what is differece between Asp.net MVC 1 and Asp.net MVC 2? >>> More
Top 5 reasons for using ASP.NET MVC 2 rather than ASP.NET MVC 1

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been using ASP.NET MVC 1 for a while now, and am keen to take advantage of the improvements in MVC 2. Things like validation seem greatly improved, and strongly-typed HTML helper methods look great. So, for those of you who have real-world practical experience of using ASP.NET MVC 1 and are… >>> More

Related posts about markitup

Trying to integrate Jeditable+MarkItUp and Thickbox/Lightbox

as seen on Stack Overflow - Search for 'Stack Overflow'
I've managed to successfully integrate MarkItUp with Jeditable based on the instructions on those two sites. What I would really like to do, however, is to have the Jeditable/MarkItUp editing window appear in a Thickbox or Lightbox overlay. So far my attempts to do this have not been successful. So… >>> More
markitup wysiwyg with a standard HTML form

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm trying to use the markitup editor on my site and I'm having a problem trying to figure out what I need to do to submit the text area to my server side script. I'm guessing there is something simple that needs to be done but my lack of JS/JQuery knowledge is making it really hard to find a… >>> More
Integrating MarkitUp and MarkdownSharp with asp.net forms website

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm using markdownsharp with my asp.net forms website. I want to use MarkItUp as my editor and have found a straight forward article on how to integrate with MVC which seems straight forward enough: http://rsolberg.com/2010/09/asp-net-mvc-markitup-rich-text-editor/ However, how do I do this… >>> More
How to get a value of a textarea using markitup in ASP.NET MVC ?

as seen on Stack Overflow - Search for 'Stack Overflow'
I want to get the value of the text area that is basically the free Markitup rich text editor <textarea id="markItUp"></textarea> and store it in my variable so how can i do this in asp.net mvc. Also is there any way I can use the HtmlHelper to use the markitup editor, since I can… >>> More
Why the Markitup BBcode preview doesnt work for me?

as seen on Stack Overflow - Search for 'Stack Overflow'
I dont know how to make works BBcode preview on Markitup Editor. I followed all instructions and the editor is working but i really dont understand what to do to make the correct preview appear, actually I can open the windows preview but i cant get the html code. I had download the parser file (markitup… >>> More