WebApp Sec mailing list archives
HTMLEncode
From: Alfred Hitchcock <alfredhitchcock_007 () yahoo com>
Date: 7 Jan 2005 10:39:46 -0000
Hello everybody, Could anybody tell me how you can bypass Server.HtmlEncode as it only checks for 4 characters. i.e. &,<,>,". So is there any other way of bypassing HtmlEncode which can further lead to XSS
Current thread:
- HTMLEncode Alfred Hitchcock (Jan 07)
- Re: HTMLEncode RSnake (Jan 08)