February 2010
In any web application, it is important not to trust user input and to limit as much as possible the areas the attacker can exploit. Validation and strong typing can assist with this. One of the biggest dangers facing any web application is cross-site scripting (XSS).
XSS occurs when an application allows a user to submit code that is then rendered unencoded on a page. Malicious users can submit JavaScript code to an application that will then be run when a page is loaded. Imagine if a user were to post JavaScript code on a forum that would then be run by all users viewing the page. At best, this could be annoying, but the bad code could also be performing tasks such as stealing other users' session identifiers ...