I am using this simple bit of code, though it probably needs more.
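Public Function HTMLEncodeXSS(dirtyString As String) As String
	' Returns dirtyString with the characters that are significant in HTML replaced
	' by character entities, so the value is rendered as text when it is written into
	' element content or into a quoted attribute value.
	'
	' Scope: this is output encoding for the HTML body / quoted-attribute context only.
	' It is not sufficient for values placed inside <script> blocks, event-handler
	' attributes, URLs (href/src) or CSS; those contexts need their own encoding.
	'
	' Fixes over the earlier listing: the replacement strings are real entities (the
	' listing mapped each character to itself, and the double quote to {";}), the
	' ampersand is now encoded, and the upper-case forms %3C / %3E are covered because
	' Replace compares case-sensitively unless the module sets Option Compare otherwise.
	Dim cleanString As Variant
	Dim vOriginal(0) As String
	Dim vFind(9) As String
	Dim vReplace(9) As String

	vOriginal(0) = dirtyString

	' Ampersand is listed first: if Replace applies the pairs in array order, the
	' ampersands introduced by the entities below must not be encoded a second time.
	vFind(0) = {&}
	vReplace(0) = {&amp;}

	vFind(1) = {<}
	vReplace(1) = {&lt;}
	vFind(2) = {>}
	vReplace(2) = {&gt;}

	' Percent-encoded angle brackets, kept from the original function. This covers a
	' single layer of URL encoding for these two characters only; input should be
	' URL-decoded by the caller before it reaches this function.
	vFind(3) = {%3c}
	vReplace(3) = {&lt;}
	vFind(4) = {%3C}
	vReplace(4) = {&lt;}
	vFind(5) = {%3e}
	vReplace(5) = {&gt;}
	vFind(6) = {%3E}
	vReplace(6) = {&gt;}

	' Both quote styles, so the value cannot close a quoted attribute.
	vFind(7) = {"}
	vReplace(7) = {&quot;}
	vFind(8) = {'}
	vReplace(8) = {&#39;}

	vFind(9) = {\}
	vReplace(9) = {&#92;}

	' Replace on arrays returns an array; the single input string is element 0.
	cleanString = Replace(vOriginal, vFind, vReplace)
	HTMLEncodeXSS = cleanString(0)
End Function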
I am using this simple bit of code, though it probably needs more.
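Public Function HTMLEncodeXSS(dirtyString As String) As String
	' Returns dirtyString with the characters that are significant in HTML replaced
	' by character entities, so the value is rendered as text when it is written into
	' element content or into a quoted attribute value.
	'
	' Scope: this is output encoding for the HTML body / quoted-attribute context only.
	' It is not sufficient for values placed inside <script> blocks, event-handler
	' attributes, URLs (href/src) or CSS; those contexts need their own encoding.
	'
	' Fixes over the earlier listing: the replacement strings are real entities (the
	' listing mapped each character to itself, and the double quote to {";}), the
	' ampersand is now encoded, and the upper-case forms %3C / %3E are covered because
	' Replace compares case-sensitively unless the module sets Option Compare otherwise.
	Dim cleanString As Variant
	Dim vOriginal(0) As String
	Dim vFind(9) As String
	Dim vReplace(9) As String

	vOriginal(0) = dirtyString

	' Ampersand is listed first: if Replace applies the pairs in array order, the
	' ampersands introduced by the entities below must not be encoded a second time.
	vFind(0) = {&}
	vReplace(0) = {&amp;}

	vFind(1) = {<}
	vReplace(1) = {&lt;}
	vFind(2) = {>}
	vReplace(2) = {&gt;}

	' Percent-encoded angle brackets, kept from the original function. This covers a
	' single layer of URL encoding for these two characters only; input should be
	' URL-decoded by the caller before it reaches this function.
	vFind(3) = {%3c}
	vReplace(3) = {&lt;}
	vFind(4) = {%3C}
	vReplace(4) = {&lt;}
	vFind(5) = {%3e}
	vReplace(5) = {&gt;}
	vFind(6) = {%3E}
	vReplace(6) = {&gt;}

	' Both quote styles, so the value cannot close a quoted attribute.
	vFind(7) = {"}
	vReplace(7) = {&quot;}
	vFind(8) = {'}
	vReplace(8) = {&#39;}

	vFind(9) = {\}
	vReplace(9) = {&#92;}

	' Replace on arrays returns an array; the single input string is element 0.
	cleanString = Replace(vOriginal, vFind, vReplace)
	HTMLEncodeXSS = cleanString(0)
End Function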