Script Injection : Javascript « Development « ASP.NET Tutorial






  1. ASP.NET Tutorial
  2. Development
  3. Javascript
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="ScriptInjection" ValidateRequest="false"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
    <asp:TextBox id="txtInput" runat="server" Width="298px">&lt;script&gt;alert('Script Injection');&lt;/script&gt;</asp:TextBox>
  <asp:Button id="cmdSubmit" runat="server" Text="Submit" OnClick="cmdSubmit_Click"></asp:Button>
  <asp:Label id="lblInfo" runat="server"></asp:Label>
    </form>
</body>
</html>

File: Default.aspx.cs

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class ScriptInjection : System.Web.UI.Page
{
  protected void cmdSubmit_Click(object sender, EventArgs e)
  {
    lblInfo.Text = txtInput.Text;
  }
}








9.32.Javascript
9.32.1.Script Injection