English German Spanish French Chinese
HomeLearnASP.NET MVC VideosPreventing JavaScript Injection Attacks  

Preventing JavaScript Injection Attacks

Please install Silverlight or click download to watch video locally.

Prevent JavaScript Injection Attacks and Cross-Site Scripting Attacks from happening to you. In this tutorial, Stephen Walther explains how you can easily defeat these types of attacks by HTML encoding your content. For additional information about this video, read the "Preventing JavaScript Injection Attacks" tutorial (C#, VB).

Presented by Stephen Walther

Duration: 11 minutes, 39 seconds

Date: 20 August 2008

Watch    Video   |   Download    Video

Video downloads: WMV  |  Zune  |  iPod  |  PSP  |  MPEG-4  |  3GP

Audio downloads: AAC  |  WMA  |  MPEG-4  |  MPEG-3  |  MPEG-2

Comments : 24

Leave a Comment

cv_vikram : On August 26, 2008 8:42 PM said:

Thanks for the video....
amanprogrammer : On September 16, 2008 4:29 PM said:

You rock Stephen .
developer_rk1 : On September 29, 2008 4:52 AM said:

Excellent Work Stephen!
bikedude : On October 09, 2008 1:06 PM said:

Does the MVC framework do something to disable ASP.Net's built-in protection for JavaScript injection attacks?
jclark434175 : On October 19, 2008 10:11 PM said:

Great video stephen. You really know how to teach MVC.
jmoviedo : On November 16, 2008 7:31 PM said:

That is helpful. Thanks
lgbaustin : On December 09, 2008 7:31 PM said:

Very good .. you just convinced me to get your book.
legerj4463 : On December 18, 2008 1:40 PM said:

Nice video. Just wondering however, wouldn't it make sense to actually not save a message whose content contains a script tag? Creating a helper method that ensures that the string to be saved perhaps before encoding, precludes any <script> content...

legerj4463 : On December 18, 2008 1:48 PM said:

<script>alert("oops")</script>
pinfeather4200 : On December 23, 2008 2:14 PM said:

Im watching these and getting alot; however, Im searching for a reason why I would develop in this fashion as it seems much more complex.  Is it faster?  Anyway will keep going to see if that reveals itself.  Good style and video!!!
.netDeveloper22 : On January 24, 2009 3:24 AM said:

Great video..
pankajrathod84 : On March 03, 2009 1:26 PM said:

&lt;script&gt;alert(&quot;oops&quot;)&lt;/script&gt;
Danny117 : On March 13, 2009 2:47 PM said:

Friday the 13th is always scary.
Djibril_Chimere_DIAW : On March 16, 2009 9:42 AM said:

Thanks! Jërëjëf!
vinothkumarsi : On April 21, 2009 11:49 AM said:

Nice Video
shehandavy : On May 04, 2009 7:43 AM said:

Thanks Stephen! Great tip!
haithemara : On May 11, 2009 2:18 AM said:

great video Stephen . How about a video that prevent sqlinjection .

Thank you.
NYCharles : On May 15, 2009 8:11 PM said:

I actually like the second approach (encode text when adding it to database) better for simplicity and security reason. Simplicity - You don't have to encode the text on every page that display the text. Security - If you forget to encode it, you get the JavaScript execution.

jharr : On May 29, 2009 5:01 AM said:

Very useful video! Can't wait for more!
hareshambaliya : On July 14, 2009 5:30 AM said:

very userful video related security of web site while developing in MVC
v.vivek : On July 31, 2009 9:10 AM said:

very Useful video,Thanks Stephen.
kannank7 : On September 20, 2009 8:07 AM said:

very very informative.. thanks

mohammed.ibrahim : On September 24, 2009 11:34 AM said:

I would also recommend using Regular Expression.

As it will give the developer more control on what the user will type.

Thanks
mac10 : On October 06, 2009 6:44 AM said:

Thanks for the video.

Leave a Comment

You must be logged in to leave a comment. Click here to log in.

Contact | Advertise | Ads by BanManPro | Running IIS7
All Rights Reserved. | Terms of Use | Trademarks | Privacy Statement
© 2009 Microsoft Corporation.

Microsoft Communities