I have the following:
responseEncoding="utf-8" in the globalization web.config
Does that mean that if I put the following in my URL parameter:
%253Cscript%253Ealert%2528%2527vulnerability%2527%2529%253C%252Fscript%253E
it will return
<script>alert('vulnerability')</script>
or will it prevent it from doing so?
I'm a little confused. Could someone please show me an example of what the UTF-8 encoding really does?
Thank you!
UTF-8 encoding in the response only means that your web server supports Unicode/UTF-8, and has nothing to do with decoding the URL in your example. If you are worried about security issues such as XSS attacks, you need to consider HTML-encoding text you get from forms or request params in URLs before presenting it on pages.
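
The distinction drawn in the answer, as an added example that is not part of the original thread: a Python sketch (not ASP.NET code) that takes the parameter from the question through percent-decoding, UTF-8 response encoding and HTML encoding. The function names and the page template are hypothetical, and it assumes the framework percent-decodes a query value once; in ASP.NET the HTML-encoding step corresponds to HttpUtility.HtmlEncode.

```python
import html
from urllib.parse import unquote

# The parameter value from the question (percent-encoded twice: %25 is "%").
RAW_PARAM = "%253Cscript%253Ealert%2528%2527vulnerability%2527%2529%253C%252Fscript%253E"


def server_decode(raw: str) -> str:
    """One round of percent-decoding (assumed framework behaviour for query values)."""
    return unquote(raw, encoding="utf-8")


def response_bytes(text: str) -> bytes:
    """All a UTF-8 response encoding governs: turning characters into bytes."""
    return text.encode("utf-8")


def render_unsafe(value: str) -> str:
    """Hypothetical page template that echoes the value without output encoding."""
    return "<p>You searched for: " + value + "</p>"


def render_safe(value: str) -> str:
    """Same template, with the value HTML-encoded before it reaches the page."""
    return "<p>You searched for: " + html.escape(value, quote=True) + "</p>"


def contains_live_tag(page: str) -> bool:
    """True if the rendered page carries a literal <script> tag."""
    return "<script>" in page.lower()


if __name__ == "__main__":
    once = server_decode(RAW_PARAM)   # still percent-encoded text, no markup yet
    twice = server_decode(once)       # only if the application decodes a second time
    for label, value in (("decoded once", once), ("decoded twice", twice)):
        print(label, "->", value)
        print("  utf-8 bytes :", response_bytes(value))  # markup characters unchanged
        print("  unsafe page :", render_unsafe(value), contains_live_tag(render_unsafe(value)))
        print("  safe page   :", render_safe(value), contains_live_tag(render_safe(value)))
```
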