WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

HTMLEncode

From: Alfred Hitchcock <alfredhitchcock_007 () yahoo com>
Date: 7 Jan 2005 10:39:46 -0000


Hello everybody,
Could anybody tell me how you can bypass Server.HtmlEncode as it only checks for 4 characters. i.e. &,<,>,".
So is there any other way of bypassing HtmlEncode which can further lead to XSS
Previous By Date Next
Previous By Thread Next

Current thread: