ASP.NET ValidateRequest does not mitigate XSS completelyhttp://blogs.msdn.com/b/esiu/archive/2007/10/19/asp-net-validaterequest-does-not-mitigate-xss-completely.aspxAs a security guy, I can safely say that there is no magic bullet to mitigate any security problems completely, and cross-site scripting(XSS) bugs are not exceptions. Since ASP.NET 1.1, ValidateRequest can be configured in web.config to check and rejecten-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)ASP.NET ValidateRequest and the HTML Attribute Based Cross Site Scripting http://blogs.msdn.com/b/esiu/archive/2007/10/19/asp-net-validaterequest-does-not-mitigate-xss-completely.aspx#5790271Wed, 31 Oct 2007 06:45:18 GMT91d46819-8472-40ad-a661-2c78acb4018c:5790271KeepItLocked.net<p>ASP.NET ValidateRequest is a security mechanism designed to prevent cross-site scripting attacks in ASP</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=5790271" width="1" height="1">Weekend Security Reading Round up Links - 10/20/07http://blogs.msdn.com/b/esiu/archive/2007/10/19/asp-net-validaterequest-does-not-mitigate-xss-completely.aspx#5542285Sat, 20 Oct 2007 12:45:18 GMT91d46819-8472-40ad-a661-2c78acb4018c:5542285Noticias externas<p>Inside the Matrix for Mobiles A pretty interesting concept: hack together a platform for connecting the</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=5542285" width="1" height="1">Weekend Security Reading Round up Links - 10/20/07http://blogs.msdn.com/b/esiu/archive/2007/10/19/asp-net-validaterequest-does-not-mitigate-xss-completely.aspx#5541201Sat, 20 Oct 2007 11:40:17 GMT91d46819-8472-40ad-a661-2c78acb4018c:5541201%41%43%45%20%54%65%61%6d <p>Inside the Matrix for Mobiles A pretty interesting concept: hack together a platform for connecting the</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=5541201" width="1" height="1">ASP.NET ValidateRequest does not mitigate XSS completelyhttp://blogs.msdn.com/b/esiu/archive/2007/10/19/asp-net-validaterequest-does-not-mitigate-xss-completely.aspx#5529858Sat, 20 Oct 2007 01:02:35 GMT91d46819-8472-40ad-a661-2c78acb4018c:5529858Noticias externas<p>From Eugene Siu&amp;#39;s blog: <a rel="nofollow" target="_new" href="http://blogs.msdn.com/esiu/archive/2007/10/19/asp-net-validaterequest-does">http://blogs.msdn.com/esiu/archive/2007/10/19/asp-net-validaterequest-does</a></p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=5529858" width="1" height="1">ASP.NET ValidateRequest does not mitigate XSS completelyhttp://blogs.msdn.com/b/esiu/archive/2007/10/19/asp-net-validaterequest-does-not-mitigate-xss-completely.aspx#5529207Sat, 20 Oct 2007 00:30:11 GMT91d46819-8472-40ad-a661-2c78acb4018c:5529207ACE Team - Security, Performance & Privacy<p>From Eugene Siu's blog: <a rel="nofollow" target="_new" href="http://blogs.msdn.com/esiu/archive/2007/10/19/asp-net-validaterequest-does-not-mitigate-xss-completely.aspx">http://blogs.msdn.com/esiu/archive/2007/10/19/asp-net-validaterequest-does-not-mitigate-xss-completely.aspx</a></p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=5529207" width="1" height="1">