
How to eliminate XSS with window open

1 reply

Last post Jan 30, 2018 08:46 AM by Yuk Ding

  • How to eliminate XSS with window open

    Jan 27, 2018 03:11 PM|tcmauldin

    I have inherited an old classic ASP program. In it the coder used the below code to open windows. I have to scan the program with a Fortify scan to try and eliminate the problems. The scan labels every one of these as cross-site scripting. I added the Server.URLEncode to try and get the scan to not recognize them as XSS problems, but it didn't work. All of the pages the code opens are in the website; none go outside to external pages. Can someone help me with the code that will keep the scan from marking these as XSS? Thanks for the help.

    <script>
      function CloseRejectWindow() {
        window.opener.parent.parent.location = "107_ETAR_frames.asp?status_id= <%=Server.URLEncode(status_id)%>"
        window.close()
      }
    </script>
  • Re: How to eliminate XSS with window open

    Jan 30, 2018 08:46 AM|Yuk Ding

    Hi tcmauldin,

    This link provides a method to prevent XSS in a classic ASP application:

    https://stackoverflow.com/questions/725875/anti-xss-and-classic-asp

    Hope this could help you.

    Best Regards,

    Yuk Ding

    MSDN Community Support
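
An added example, not written by either poster and not part of the original program: the value in the question is emitted inside a JavaScript string literal, so it needs allow-list validation and JavaScript-string encoding in addition to `Server.URLEncode`, which only covers the query-string context. It assumes `status_id` is a numeric ID read from the query string; `SafeStatusId` and `JsEncode` are hypothetical helper names.

```asp
<%
' Added example. Assumption: status_id is a numeric ID from the query string.
Dim status_id, statusId, target
status_id = Request.QueryString("status_id")

' Hypothetical helper: allow-list check. Returns the ID as a Long,
' or -1 when the input is anything other than 1 to 9 decimal digits.
Function SafeStatusId(raw)
    Dim re, s
    SafeStatusId = -1
    s = Trim(raw & "")
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(s) Then SafeStatusId = CLng(s)
End Function

' Hypothetical helper: encode text for use inside a JavaScript string
' literal. Everything except ASCII letters and digits becomes \uXXXX,
' so quotes, backslashes, "<" and line breaks cannot end the string.
Function JsEncode(s)
    Dim i, ch, code, out
    out = ""
    For i = 1 To Len(s)
        ch = Mid(s, i, 1)
        code = AscW(ch)
        If code < 0 Then code = code + 65536   ' AscW returns a signed Integer
        If (code >= 48 And code <= 57) Or (code >= 65 And code <= 90) _
           Or (code >= 97 And code <= 122) Then
            out = out & ch
        Else
            out = out & "\u" & Right("0000" & Hex(code), 4)
        End If
    Next
    JsEncode = out
End Function

' Reject anything that is not a plain numeric ID before it reaches the page.
statusId = SafeStatusId(status_id)
If statusId < 0 Then
    Response.Status = "400 Bad Request"
    Response.End
End If
target = "107_ETAR_frames.asp?status_id=" & Server.URLEncode(CStr(statusId))
%>
<script>
function CloseRejectWindow() {
    window.opener.parent.parent.location = "<%= JsEncode(target) %>";
    window.close();
}
</script>
```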