Preventing JavaScript Injection Attackshttp://www.asp.netTue, 20 Apr 2010 03:53:35 GMTumbracoComments for Preventing JavaScript Injection AttacksenComment Posted by cv_vikramhttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksTue, 26 Aug 2008 20:42:07 GMT00000000-0000-0000-000000006982Thanks for the video....

]]>Comment Posted by amanprogrammerhttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksTue, 16 Sep 2008 16:29:55 GMT00000000-0000-0000-000000006983You rock Stephen .

]]>Comment Posted by developer_rk1http://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksMon, 29 Sep 2008 04:52:16 GMT00000000-0000-0000-000000006984Excellent Work Stephen!

]]>Comment Posted by bikedudehttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksThu, 09 Oct 2008 13:06:25 GMT00000000-0000-0000-000000006985Does the MVC framework do something to disable ASP.Net's built-in protection for JavaScript injection attacks?

]]>Comment Posted by jclark434175http://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksSun, 19 Oct 2008 22:11:13 GMT00000000-0000-0000-000000006986Great video stephen. You really know how to teach MVC.

]]>Comment Posted by jmoviedohttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksSun, 16 Nov 2008 19:31:56 GMT00000000-0000-0000-000000006987That is helpful. Thanks

]]>Comment Posted by lgbaustinhttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksTue, 09 Dec 2008 19:31:40 GMT00000000-0000-0000-000000006988Very good .. you just convinced me to get your book.

]]>Comment Posted by legerj4463http://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksThu, 18 Dec 2008 13:40:03 GMT00000000-0000-0000-000000006989Nice video. Just wondering however, wouldn't it make sense to actually not save a message whose content contains a script tag? Creating a helper method that ensures that the string to be saved perhaps before encoding, precludes any <script> content...

]]>Comment Posted by pinfeather4200http://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksTue, 23 Dec 2008 14:14:39 GMT00000000-0000-0000-000000006991Im watching these and getting alot; however, Im searching for a reason why I would develop in this fashion as it seems much more complex.  Is it faster?  Anyway will keep going to see if that reveals itself.  Good style and video!!!

]]>Comment Posted by .netDeveloper22http://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksSat, 24 Jan 2009 03:24:17 GMT00000000-0000-0000-000000006992Great video..

]]>Comment Posted by Djibril_Chimere_DIAWhttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksMon, 16 Mar 2009 09:42:20 GMT00000000-0000-0000-000000006995Thanks! Jërëjëf!

]]>Comment Posted by vinothkumarsihttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksTue, 21 Apr 2009 11:49:37 GMT00000000-0000-0000-000000006996Nice Video

]]>Comment Posted by shehandavyhttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksMon, 04 May 2009 07:43:03 GMT00000000-0000-0000-000000006997Thanks Stephen! Great tip!

]]>Comment Posted by haithemarahttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksMon, 11 May 2009 02:18:39 GMT00000000-0000-0000-000000006998great video Stephen . How about a video that prevent sqlinjection .

Thank you.

]]>Comment Posted by NYCharleshttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksFri, 15 May 2009 20:11:34 GMT00000000-0000-0000-000000006999I actually like the second approach (encode text when adding it to database) better for simplicity and security reason. Simplicity - You don't have to encode the text on every page that display the text. Security - If you forget to encode it, you get the JavaScript execution.

]]>Comment Posted by jharrhttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksFri, 29 May 2009 05:01:29 GMT00000000-0000-0000-000000007000Very useful video! Can't wait for more!

]]>Comment Posted by hareshambaliyahttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksTue, 14 Jul 2009 05:30:43 GMT00000000-0000-0000-000000007001very userful video related security of web site while developing in MVC

]]>Comment Posted by v.vivekhttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksFri, 31 Jul 2009 09:10:01 GMT00000000-0000-0000-000000007002very Useful video,Thanks Stephen.

]]>Comment Posted by kannank7http://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksSun, 20 Sep 2009 08:07:52 GMT00000000-0000-0000-000000007003very very informative.. thanks

]]>Comment Posted by mohammed.ibrahimhttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksThu, 24 Sep 2009 11:34:35 GMT00000000-0000-0000-000000007004I would also recommend using Regular Expression.

As it will give the developer more control on what the user will type.

Thanks

]]>Comment Posted by mac10http://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksTue, 06 Oct 2009 06:44:42 GMT00000000-0000-0000-000000007005Thanks for the video.

]]>Comment Posted by Westnyoraihttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksSun, 17 Jan 2010 04:43:58 GMT00000000-0000-0000-000000007006Hi Stephen, your video is a great intro, but... with all the new html rich controls out there today, such as htmleditor that comes with ajax control toolkit there are times you will need to be a bit more advance. May I suggest the following function I wrote using the assistant of several other users' scripts online. (I would name them if I could)

sanzon.wordpress.com/

]]>Comment Posted by gangelohttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksThu, 11 Mar 2010 18:55:35 GMT00000000-0000-0000-000000007007Stephen, why do we need your BIG head, bottom right, taking up valuable vid real estate in these vids!!! :)

]]>Comment Posted by fcartuhttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksMon, 22 Mar 2010 13:03:49 GMT00000000-0000-0000-000000007009Hey, great video. Actually i like to save all the text with Server.HtmlEnconde directly to the database!!!

]]>Comment Posted by vvvvvdevhttp://www.asp.net/mvc/videos/mvc-2/how-do-i/preventing-javascript-injection-attacksTue, 20 Apr 2010 03:53:35 GMT00000000-0000-0000-000000007010you are the genius stephen

]]>