I have implemented a Request.QueryString["somestr"].ToString();
I suppress cross-site scripting by doing HttpUtility.HtmlEncode(Request.QueryString["somestr"].ToString());
I still have an issue where a user can do:
myfriendlydomain.com/?somestr=';alert(WOO XSS SUCCEEDED);test='
How can I prevent this from happening?
As requested:
//Code Behind
if (Request.QueryString["somestr"] != null)
{
    // HTML-encoded, but the value is later emitted inside a JavaScript string literal
    AffiliatesEmail = HttpUtility.HtmlEncode(Request.QueryString["somestr"].ToString());
}
//Front End
<script type="text/javascript">
//<![CDATA[
/*** Do not change ***/
var SomeVAR = { Tracking: { Sale: {} } };
SomeVAR.Tracking.Sale.orderRef = '<%= AffiliatesEmail %>';
//]]>
</script>
<script src="https://www.somethirdparty.com/somejscript.js" type="text/javascript" defer="defer"> </script>
This is our implementation. Anything afterwards I do not believe is relevant.
You can use the HttpUtility.JavaScriptStringEncode() method to scrub the string and encode it to prevent this from happening.
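An added example (not the poster's or answerer's code) showing the encoder applied to the question's tracking line. The value is emitted inside a JavaScript string literal within a script block, so it needs JavaScript string encoding; HTML entity encoding is the wrong encoder for that context, because script contents are not HTML-decoded by the browser. The helper name BuildTrackingLine and the constructed payload are assumptions.

```csharp
using System;
using System.Web;

// Added example: encode an untrusted query-string value for a JavaScript string literal.
class TrackingScriptExample
{
    // Builds the single line of script the page emits, using the encoder that
    // matches the output context (a JavaScript string literal), not HtmlEncode.
    public static string BuildTrackingLine(string untrustedValue)
    {
        // JavaScriptStringEncode escapes quotes, backslashes, control characters and
        // the characters < > & so the value cannot close the literal or the script
        // block. addDoubleQuotes: false because the template supplies the quotes.
        string encoded = HttpUtility.JavaScriptStringEncode(untrustedValue, false);
        return "SomeVAR.Tracking.Sale.orderRef = '" + encoded + "';";
    }

    static void Main()
    {
        // Constructed payload modelled on the one in the question.
        string payload = "';alert('WOO XSS SUCCEEDED');test='";

        // Same value passed through HtmlEncode for comparison: entities such as
        // &#39; are meaningless inside <script>, and any character the HTML
        // encoder leaves alone survives into the JavaScript source unchanged.
        Console.WriteLine("HtmlEncode (wrong context): " + HttpUtility.HtmlEncode(payload));

        // The correct encoder for this line.
        Console.WriteLine("JavaScriptStringEncode:     " + BuildTrackingLine(payload));
    }
}
```

In the code-behind this means replacing the HtmlEncode call with JavaScriptStringEncode for AffiliatesEmail, since that field is only ever written into the script block.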
Another way is to use the AntiXSS library.