Channel: AjaxControlToolkit Work Item Rss Feed

Closed Issue: TSM_HiddenField - XSS Issue [26001]

A penetration test was recently executed against a major website and this came up as an issue. ToolkitScriptManager does not sanitize the input to this field; instead, it directly emits it to the client. While the overall effect is probably somewhat insignificant inasmuch as it should only be affecting the user performing the 'attack', it's rather frustrating to have this come up for something that 1.) should be a trivial fix and 2.) should not have made it into production code.

Someone else reported this issue on the ASP.NET forums some time ago as well: http://forums.asp.net/p/1429764/3201259.aspx#3201259.
Comments: Starting with the v15.1 release, we have removed the ToolkitScriptManager due to various issues it caused. So, the described problem no longer exists.
