Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable ASP.NET Request Validation, make sure all output is encoded #13

Open
riipah opened this issue Jan 15, 2015 · 0 comments
Open

Disable ASP.NET Request Validation, make sure all output is encoded #13

riipah opened this issue Jan 15, 2015 · 0 comments
Labels
complexity: unknown Unknown days of work feature request .NET Software framework: .NET priority: low Issues/Tasks that are not so important security Security text Text/Characters display (Markup language: Markdown)

Comments

@riipah
Copy link
Member

riipah commented Jan 15, 2015

VocaDB is still using the default ASP.NET request validation which prevents posting HTML or other suspicious inputs.

However, this mechanism is too limited, as many entries use characters that are currently blocked by the request validation. A better way would be to disable request validation at least for entry submissions and instead make sure that output is encoded in all cases. Output encoding should obviously be done in any case, even if request validation is still enabled.

This task includes mostly testing, making sure that cross site scripting isn't possible.
@riipah riipah removed the enhancement label Oct 1, 2016
@ycanardeau ycanardeau added this to the Backlog milestone Nov 19, 2020
@andreoda andreoda added .NET Software framework: .NET text Text/Characters display (Markup language: Markdown) labels Apr 21, 2023
@andreoda andreoda removed this from the Backlog milestone Apr 26, 2023
@andreoda andreoda added the complexity: unknown Unknown days of work label Mar 6, 2024
@andreoda andreoda added the priority: low Issues/Tasks that are not so important label Mar 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
complexity: unknown Unknown days of work feature request .NET Software framework: .NET priority: low Issues/Tasks that are not so important security Security text Text/Characters display (Markup language: Markdown)
Projects
Ideas, new features, other additions
Status: Requested/Todo
Milestone
No milestone
Development

No branches or pull requests
4 participants
@riipah @Shiroizu @ycanardeau @andreoda