| |
|
|
|
|
|
|
|
|
bikedude
: On
October 09, 2008 1:06 PM
said:
|
Does the MVC framework do something to disable ASP.Net's built-in protection for JavaScript injection attacks?
|
|
|
|
jclark434175
: On
October 19, 2008 10:11 PM
said:
|
Great video stephen. You really know how to teach MVC.
|
|
|
|
jmoviedo
: On
November 16, 2008 7:31 PM
said:
|
|
|
|
|
|
lgbaustin
: On
December 09, 2008 7:31 PM
said:
|
Very good .. you just convinced me to get your book.
|
|
|
|
legerj4463
: On
December 18, 2008 1:40 PM
said:
|
Nice video. Just wondering however, wouldn't it make sense to actually not save a message whose content contains a script tag? Creating a helper method that ensures that the string to be saved perhaps before encoding, precludes any <script> content...
|
|
|
|
|
legerj4463
: On
December 18, 2008 1:48 PM
said:
|
<script>alert("oops")</script>
|
|
|
|
pinfeather4200
: On
December 23, 2008 2:14 PM
said:
|
Im watching these and getting alot; however, Im searching for a reason why I would develop in this fashion as it seems much more complex. Is it faster? Anyway will keep going to see if that reveals itself. Good style and video!!!
|
|
|
|
|
|
pankajrathod84
: On
March 03, 2009 1:26 PM
said:
|
<script>alert("oops")</script>
|
|
|
|
Danny117
: On
March 13, 2009 2:47 PM
said:
|
Friday the 13th is always scary.
|
|
|
|
|
|
|
|
shehandavy
: On
May 04, 2009 7:43 AM
said:
|
Thanks Stephen! Great tip!
|
|
|
|
haithemara
: On
May 11, 2009 2:18 AM
said:
|
great video Stephen . How about a video that prevent sqlinjection . Thank you.
|
|
|
|
NYCharles
: On
May 15, 2009 8:11 PM
said:
|
I actually like the second approach (encode text when adding it to database) better for simplicity and security reason. Simplicity - You don't have to encode the text on every page that display the text. Security - If you forget to encode it, you get the JavaScript execution.
|
|
|
|
jharr
: On
May 29, 2009 5:01 AM
said:
|
Very useful video! Can't wait for more!
|
|