How Can I see Attacker Given HTML or JavaScript Code In URL

Question

0.00/5 (No votes)

See more:

Hi All,

How can i show attacker given HTML or JavaScript Code in URL.
Is this possible to show message what attacker given . i Want avoid Cross Site Scripting on my web Application.

Ex: http://www.abc.com?Products.aspx?id=1 my appilcation URL

Then attacker remove the query string and put a HTML or JavaScript as below mentioned.

Ex: http://www.abc.com/product.aspx?<script>alert('done!')</script>

Now i want to show a message what attacker given HTML or JavaScript.

Please provide me useful information.

Posted 23-May-14 0:44am

Kapuraveni BharathKumar

Updated 23-May-14 0:45am

v2

Add a Solution

Comments

Ajith K Gatty 23-May-14 6:47am

Hi, I know this is not the answer you are expecting. But what is the use of script in Url???

Kapuraveni BharathKumar 23-May-14 7:33am

How could i know site is hacked or attacker posted a HTML or JavaScript code.
it was happend like attacker chaneged any query string to passing sequence values.
then how can i find, how can i secure my application from the hackers.
Provide any useful infromation.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Prasad Khandekar · Answer 1 · 2014-05-23T01:37:00

Solution 1

Hello Bharath,

Have a look at HtmlUtils class found in DotNetNuke[^]. It contains a method named isHtml(String). You can use this to check whether the passed data contains any html/script tags.

Regards,

Posted 23-May-14 1:37am

Prasad Khandekar

Comments

Kapuraveni BharathKumar 23-May-14 7:44am

Hello Prasad,

can i show client side error message what an attacker posted HTML or Scripts. IS this possible.please give me any suggestions to show error messages.

Kapuraveni BharathKumar 23-May-14 7:54am

How can i use as you mentioned isHtml(string) and how can i import namespaces

using DotNetNuke.Entities.Portals;
using DotNetNuke.Services.Upgrade;
using System.Collections.Generic;