bigggnick Posted March 16, 2007

Hey all,

I was helping a friend with a site that I found some XSS in. I know some PHP, enough to know about strip_tags(). I want to help him get rid of the XSS, but I'm not sure how to do it in ASP. Any help? Much appreciated.

Thanks

Yahweh Posted March 17, 2007

You need to define your own strip_tags() function. You can strip tags easily with regex.

    Public Function strip_tags(someString)
        Dim myRegex
        Set myRegex = New RegExp
        myRegex.Global = True
        myRegex.IgnoreCase = True
        myRegex.Multiline = True
        myRegex.Pattern = "<[^> ]+[\s\S]*?>" 'matches any valid tag
        strip_tags = myRegex.Replace(someString, "")
    End Function

You might need a more powerful regex, because that won't catch malformed tags. However, it should be good enough to get you started.

Yahweh Posted March 20, 2007

It just occurred to me, another way to get rid of cross site scripting is using something like this:

    Function sanitize_input(someString)
        ' Assign to the function's own name so the encoded value is returned
        sanitize_input = Server.HTMLEncode(someString)
    End Function

That converts >, <, " (double quotes), and a few other characters to their harmless ASCII equivalents, &gt;, &lt;, &quot;.

bigggnick (Author) Posted April 4, 2007

Thanks, sorry for my lateness, but I really appreciate it.
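
The difference between the two approaches above, as an added example that is not part of the original posts: a VBScript script for Windows Script Host that runs Yahweh's strip_tags regex and an HTML-encoding function over the same inputs, showing the unclosed tag the regex misses and the plain text it deletes. Assumptions: html_encode is a hand-written stand-in for Server.HTMLEncode (which exists only inside ASP), and the sample strings and the "comment" field name are constructed.

```vbscript
Option Explicit
' Added example; run with: cscript //nologo demo.vbs

' Tag-stripping regex from the reply above, unchanged.
Function strip_tags(someString)
    Dim re
    Set re = New RegExp
    re.Global = True
    re.IgnoreCase = True
    re.Multiline = True
    re.Pattern = "<[^> ]+[\s\S]*?>"
    strip_tags = re.Replace(someString, "")
End Function

' Stand-in for Server.HTMLEncode (assumption: covers only & < > ").
' "&" is replaced first so entities added afterwards are not re-encoded.
Function html_encode(someString)
    Dim s
    s = Replace(someString, "&", "&amp;")
    s = Replace(s, "<", "&lt;")
    s = Replace(s, ">", "&gt;")
    s = Replace(s, """", "&quot;")
    html_encode = s
End Function

' Constructed sample inputs, not taken from the thread.
Dim samples, item
samples = Array( _
    "<b>bold</b> text", _
    "<img src=x.gif", _
    "price<10 and qty>2", _
    "He said ""hi"" & left")
' In order: well-formed tags, unclosed (malformed) tag,
' plain text containing < and >, quotes and ampersand.

For Each item In samples
    WScript.Echo "input   : " & item
    WScript.Echo "stripped: " & strip_tags(item)
    WScript.Echo "encoded : " & html_encode(item)
    WScript.Echo ""
Next

' Inside an ASP page, encode at the point of output instead, e.g.
' (the form field name "comment" is hypothetical):
'   Response.Write Server.HTMLEncode(Request.Form("comment"))
```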