    madwhite hatter
    Posted on Tue 14 Oct 2008 02:20 PM

    I am using this simple bit of code, though it probably needs more.

    Public Function HTMLEncodeXSS(dirtyString As String) As String
        Dim cleanString As Variant
        Dim vOriginal(0) As String
        Dim vFind(6) As String
        Dim vReplace(6) As String

        ' scrub xss vulnerabilities by entity-encoding the markup characters
        ' (note: & is not in the find list, so it passes through unencoded)
        vOriginal(0) = dirtyString
        vFind(0) = {<}
        vFind(1) = {>}
        vFind(2) = {%3c}
        vFind(3) = {%3e}
        vFind(4) = {"}
        vFind(5) = {'}
        vFind(6) = {\}
        vReplace(0) = {&lt;}
        vReplace(1) = {&gt;}
        vReplace(2) = {&lt;}
        vReplace(3) = {&gt;}
        vReplace(4) = {&quot;}
        vReplace(5) = {&#039;}
        vReplace(6) = {&#092;}

        ' the array form of Replace applies each find/replace pair in order
        cleanString = Replace(vOriginal, vFind, vReplace)
        HTMLEncodeXSS = cleanString(0)
    End Function
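The replacement-table approach above depends on the order of the substitutions, and on the ampersand being encoded before any entity is introduced. As an added example (not the commenter's code, and written in Python rather than LotusScript so it runs anywhere), here is the posted table beside a hardened one with `&` first, plus a round-trip check using the standard library's decoder; the sample inputs are constructed.

```python
import html

# Posted table (with the trailing semicolons completed). '&' is absent, so
# output containing a literal "&lt;" cannot be told apart from an encoded "<".
POSTED_ORDER = [
    ("<", "&lt;"), (">", "&gt;"), ("%3c", "&lt;"), ("%3e", "&gt;"),
    ('"', "&quot;"), ("'", "&#039;"), ("\\", "&#092;"),
]

# Hardened table: '&' goes first so entities added later are not re-encoded.
# The URL-encoded forms are dropped: URL decoding is the web server's job and
# happens before the string reaches this function; a literal "%3c" is text.
HARDENED_ORDER = [
    ("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"),
    ('"', "&quot;"), ("'", "&#039;"), ("\\", "&#092;"),
]

# Same pairs with '&' last: shows why the order matters ("<" -> "&amp;lt;").
AMP_LAST_ORDER = HARDENED_ORDER[1:] + [("&", "&amp;")]

def encode(dirty, table):
    """Apply each (find, replace) pair in sequence, like the array form
    of LotusScript's Replace()."""
    clean = dirty
    for find, repl in table:
        clean = clean.replace(find, repl)
    return clean

def roundtrips(text, table):
    """True when decoding the encoded text gives back the original, i.e.
    the encoding is unambiguous."""
    return html.unescape(encode(text, table)) == text

# Constructed sample inputs.
SCRIPT = '<script>alert("x")</script>'
AMBIGUOUS = "a &lt; b"   # literal text a user typed, not markup

if __name__ == "__main__":
    print(encode(SCRIPT, HARDENED_ORDER))
    print(roundtrips(AMBIGUOUS, POSTED_ORDER))    # False: '&' untouched
    print(roundtrips(AMBIGUOUS, HARDENED_ORDER))  # True
    print(encode("<", AMP_LAST_ORDER))            # &amp;lt; (double-encoded)
```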
