The Uri.IsWellFormedUriString method is well suited to checking for malformed URLs. It can be used to validate the address and the entire query string.

var newUrl = Request.QueryString["Url"];
if (!Uri.IsWellFormedUriString(newUrl, UriKind.Absolute))
{
  litLeavingTag.Text = "An invalid URL has been specified.";
  return;
}
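An added example (not code from the original post): the same well-formedness check wrapped in a hypothetical helper, `TryGetSafeUrl`, which also restricts the scheme to http/https, since a well-formed absolute URI can use any scheme. The class name, helper name and sample inputs are assumptions constructed for illustration.

```csharp
using System;

public static class LeavingSiteUrlCheck
{
    // Hypothetical helper (not from the original post): returns true only for
    // well-formed absolute http/https URLs and hands back the parsed Uri.
    public static bool TryGetSafeUrl(string raw, out Uri safeUrl)
    {
        safeUrl = null;

        // Same check the post uses: reject null, relative, or badly escaped input.
        if (string.IsNullOrWhiteSpace(raw) ||
            !Uri.IsWellFormedUriString(raw, UriKind.Absolute))
            return false;

        if (!Uri.TryCreate(raw, UriKind.Absolute, out Uri parsed))
            return false;

        // Well-formedness says nothing about the scheme, so allow only web links.
        bool isHttp = string.Equals(parsed.Scheme, Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase);
        bool isHttps = string.Equals(parsed.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase);
        if (!isHttp && !isHttps)
            return false;

        safeUrl = parsed;
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs standing in for Request.QueryString["Url"].
        string[] samples =
        {
            "https://example.com/page?id=1&sort=asc",
            "/relative/path",
            "http://example.com/a b",      // unescaped space
            "javascript:void(0)",          // non-web scheme
            "ftp://example.com/file.txt",  // non-web scheme
            null
        };

        foreach (string raw in samples)
        {
            bool ok = TryGetSafeUrl(raw, out Uri url);
            Console.WriteLine("{0,-42} -> {1}", raw ?? "(null)", ok ? "accept " + url.AbsoluteUri : "reject");
        }
    }
}
```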

Request Validation

At a page level, one can turn on RequestValidation (set to false by default):
<%@ Page Language="C#" MasterPageFile="~/Site.Master" AutoEventWireup="true" CodeBehind="GoingToPage.aspx.cs" Title="Leaving Site" ValidateRequest="true" %>

Summary

Each of these techniques provides a quick and effective way to prevent XSS rewrites from making it through the ASP.NET pipeline.

Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.

Anuj Varma – who has written posts on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.