0

What is the best your favorite way of globally validating user input in classic ASP?

I inherited a legacy classic ASP project where I need to validate user input. Currently no validation is done. In ASP.net one can set <pages validateRequest="true" /> in web.config - is there something similar to this in classic ASP?

The only other way I can think of, to validate user input, is by going into each and every page - I hope someone has a more efficient idea :-)

Thanks a lot in advance!

jrn
  • 2,640
  • 4
  • 29
  • 51

1 Answers1

1

I won't answer your first question because it is subjective. :)

There is no equivalent to ASP.NET Request Validation in ASP Classic. You must build one yourself.

Robert S
  • 496
  • 4
  • 14
  • Rephrased my first question ;-) – jrn Mar 02 '17 at 21:19
  • To implement something like this you would have to put code into a globally included script. – Robert S Mar 02 '17 at 21:24
  • 1
    When it comes to protection from XSS, I feel most comfortable using a combination of custom developed scripts to validate untrusted user input, i.e. I have a function that tests `vartype` and one that uses RegEx to strip or encode illegal characters from inputs. Additionally, I lock down the character set of my application to UTF-8 as much as possible. – Robert S Mar 02 '17 at 21:31
  • Would you mind sharing some of these custom scripts, e.g. for illegal characters from inputs? :-) – jrn Mar 02 '17 at 21:41
  • 1
    The following filters out anything tha tmatches an inputted regular expression from the inputting string: `public function Filter(strPattern, strTestString) dim oRegX set oRegX = new RegExp with oRegX .pattern = strPattern .global = true .ignorecase = false strTestString = .replace(strTestString, "") end with kill oRegX Filter = strTestString end function` – Robert S Mar 02 '17 at 21:50