
I have a simple controller like this:

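using System.Web.Mvc;

// Controller name taken from the /home/index URL used in the question.
public class HomeController : Controller
{
    [CustomFilter]
    public ActionResult Index( int? page ) {
        return View();
    }
}

public class CustomFilterAttribute : ActionFilterAttribute
{
    // Runs just before the action method executes.
    public override void OnActionExecuting( ActionExecutingContext filterContext ) {
        base.OnActionExecuting( filterContext );
    }

    // Runs just after the action method has executed.
    public override void OnActionExecuted( ActionExecutedContext filterContext ) {
        base.OnActionExecuted( filterContext );
    }
}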

In the main page (ASPX), if I type http://localhost/home/index?page=<script> (an example of XSS, I guess) instead of http://localhost/home/index?page=7, then the red error page appears (because I've installed the AntiXSS add-on in Visual Studio).

How can I create a custom filter for this type of attack and return to the previous page without showing the red error page? Or is it not possible?

gdoron
Snake Eyes

1 Answer


No, the filter will never be called. You can do something similar in Application_Error.

Check this question: ASP.NET MVC app custom error pages not displaying in shared hosting environment

Look at the question and the answer.

Community
fengd
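One way to do what the answer suggests, handling the request-validation failure in Application_Error and sending the user back to the previous page. This is an added example, not code from the question or the answer; the class name MvcApplication, the helper GetSafeReturnUrl and the fallback path "~/" are assumptions.

```csharp
using System;
using System.Web;

// Global.asax.cs (the class name MvcApplication is an assumption)
public class MvcApplication : HttpApplication
{
    protected void Application_Error(object sender, EventArgs e)
    {
        Exception error = Server.GetLastError();
        if (error == null) return;

        // Request validation rejects input such as ?page=<script> by throwing
        // HttpRequestValidationException; check the base exception too in case
        // it arrives wrapped in another exception.
        if (!(error is HttpRequestValidationException) &&
            !(error.GetBaseException() is HttpRequestValidationException))
        {
            return; // every other error keeps the normal error handling
        }

        Server.ClearError();   // suppress the error page for this request
        Response.Clear();
        Response.Redirect(GetSafeReturnUrl(), false);
        CompleteRequest();     // end the request without aborting the thread
    }

    // Hypothetical helper: the Referer header is client-controlled, so only a
    // same-site path is followed; anything else goes to the fallback page.
    private string GetSafeReturnUrl()
    {
        const string fallback = "~/"; // assumed fallback page

        Uri referrer;
        try { referrer = Request.UrlReferrer; }
        catch (UriFormatException) { return fallback; } // malformed Referer header

        if (referrer == null ||
            !string.Equals(referrer.Authority, Request.Url.Authority,
                           StringComparison.OrdinalIgnoreCase))
            return fallback;   // missing or off-site referrer: no open redirect

        // Never bounce back to the URL that just failed validation.
        if (string.Equals(referrer.PathAndQuery, Request.RawUrl,
                          StringComparison.OrdinalIgnoreCase))
            return fallback;

        return referrer.PathAndQuery;
    }
}
```

Request validation stays enabled here; only the response to a rejected request changes, so the rejected input is never passed on to the action.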