{"id":730,"date":"2009-07-20T22:15:39","date_gmt":"2009-07-20T22:15:39","guid":{"rendered":"\/post\/1388\/04\/29\/d988d8a8d88c-ASPNETd88c-d8add985d984d987-d987d8a7db8c-XSS-d988-daa9d8aad8a7d8a8d8aed8a7d986d987-Anti-XSS"},"modified":"2009-07-20T22:15:39","modified_gmt":"2009-07-20T22:15:39","slug":"%d9%88%d8%a8%d8%8c-asp-net%d8%8c-%d8%ad%d9%85%d9%84%d9%87-%d9%87%d8%a7%db%8c-xss-%d9%88-%da%a9%d8%aa%d8%a7%d8%a8%d8%ae%d8%a7%d9%86%d9%87-anti-xss","status":"publish","type":"post","link":"https:\/\/mesbahi.net\/fa\/blog\/1388\/04\/29\/%d9%88%d8%a8%d8%8c-asp-net%d8%8c-%d8%ad%d9%85%d9%84%d9%87-%d9%87%d8%a7%db%8c-xss-%d9%88-%da%a9%d8%aa%d8%a7%d8%a8%d8%ae%d8%a7%d9%86%d9%87-anti-xss\/","title":{"rendered":"\u0648\u0628\u060c ASP.NET\u060c \u062d\u0645\u0644\u0647 \u0647\u0627\u06cc XSS \u0648 \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 Anti-XSS"},"content":{"rendered":"

\"xss-threat3\" <\/p>\n

\u06cc\u06a9\u06cc \u0627\u0632 \u0631\u0627\u06cc\u062c \u062a\u0631\u06cc\u0646 \u062d\u0645\u0644\u0627\u062a \u0648\u0628 Cross Site Scripting \u0647\u0633\u062a\u0646\u062f\u060c \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631 X \u0628\u06cc\u0627\u0646\u06af\u0631 Cross \u0628\u0648\u062f\u0647 \u0648 SS \u0647\u0645 \u06a9\u0647 \u0645\u062e\u0641\u0641 Site Scripting \u0627\u0633\u062a. \u062d\u0645\u0644\u0627\u062a XSS \u0639\u0645\u062f\u062a\u0627 \u062a\u0648\u0633\u0637 \u06a9\u062f\u0647\u0627\u06cc JavaScript \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc \u0634\u0648\u0646\u062f \u0648 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0628\u062e\u0634 \u0647\u0627\u06cc \u0648\u0631\u0648\u062f\u06cc \u0648 \u06cc\u0627 \u062e\u0631\u0648\u062c\u06cc \u062a\u0632\u0631\u06cc\u0642 \u0645\u06cc \u0634\u0648\u0646\u062f.<\/p>\n

\u0627\u0628\u062a\u062f\u0627\u06cc\u06cc \u062a\u0631\u06cc\u0646 \u0631\u0648\u0634 \u0645\u0642\u0627\u0628\u0644\u0647 \u0628\u0627 XSS \u0645\u0642\u0627\u0628\u0644\u0647 \u0628\u0627 Dangerous characters \u06cc\u0627 \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631\u0647\u0627\u06cc \u062e\u0637\u0631\u0646\u0627\u06a9 \u0627\u0633\u062a\u060c \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631\u0647\u0627\u06cc\u06cc \u06a9\u0647 \u0645\u0642\u062f\u0645\u0647 \u0648\u0631\u0648\u062f \u06a9\u062f\u0647\u0627\u06cc \u0648\u06cc\u0698\u0647 \u06cc \u062d\u0645\u0644\u0647 \u0647\u0633\u062a\u0646\u062f \u06cc\u0639\u0646\u06cc \u0627\u06cc\u0646 \u0647\u0627:
> < ( ) [ ] ‘ "  ;  : \/ |
<\/strong>\u0627\u06cc\u0646 \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631\u0647\u0627\u06cc \u0645\u0644\u0639\u0648\u0646 \"Devil\"\u0628\u0627\u06cc\u062f \u0628\u0647 \u062a\u06af \u0647\u0627\u06cc HTML \u06cc \u062a\u0628\u062f\u06cc\u0644 \u0634\u0648\u0646\u062f \u062a\u0627 \u0642\u0627\u0628\u0644\u06cc\u062a \u0627\u062c\u0631\u0627\u06cc\u06cc\u0634\u0648\u0646 \u0631\u0648 \u0627\u0632 \u062f\u0633\u062a \u0628\u062f\u0646 \u0628\u0647 \u0637\u0648\u0631 \u0645\u062b\u0627\u0644 < \u0628\u0647 gt& \u062a\u0628\u062f\u06cc\u0644 \u0634\u0647. \u0627\u0628\u062a\u062f\u0627\u06cc\u06cc \u062a\u0631\u06cc\u0646 \u0634\u06a9\u0644 \u0645\u0628\u0627\u0631\u0632\u0647 \u0628\u0627 \u0627\u06cc\u0646 \u0646\u0648\u0639 \u062d\u0645\u0644\u0647 \u062f\u0631 ASP.NET \u0628\u0627 \u062f\u0648 \u0639\u0645\u0644 \u0632\u06cc\u0631 \u0634\u0631\u0648\u0639 \u0645\u06cc\u0634\u0647:<\/p>\n

1: \u062a\u0646\u0638\u06cc\u0645 validateRequest="true" \u062f\u0631 Directive \u0635\u0641\u062d\u0647 (\u062a\u06af Page@>).
2: \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u0648\u0627\u0628\u0639 \u0632\u06cc\u0631 \u062c\u0647\u062a \u06a9\u062f \u06a9\u0631\u062f\u0646 \u0645\u0628\u0627\u062f\u06cc \u062d\u0645\u0644\u0647:<\/p>\n

\u00bb  HtmlEncode
\u00bb  HtmlAttributeEncode
\u00bb  JavaScriptEncode
\u00bb  UrlEncode
\u00bb  VisualBasicScriptEncode
\u00bb  XmlEncode
\u00bb  XmlAttributeEncode <\/p>\n

\u062a\u0627 \u0627\u06cc\u0646\u062c\u0627 \u0645\u0628\u0627\u062f\u06cc Input \u06cc\u0627 \u0648\u0631\u0648\u062f\u06cc \u0631\u0648 \u06a9\u062f \u06a9\u0631\u062f\u06cc\u0645\u060c \u062e\u0631\u0648\u062c\u06cc \u0647\u0627 \u0645\u0648\u0646\u062f\u0647 \u06a9\u0647 \u0628\u0627\u06cc\u062f \u0628\u0627 \u06a9\u062a\u0627\u0628\u062e\u0648\u0646\u0647 \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a \u0628\u0647 \u0646\u0627\u0645 Microsoft Anti-Cross Site Scripting Library  \u06a9\u0647 \u0628\u0647 \u0627\u062e\u062a\u0635\u0627\u0631 Anti-XSS \u0646\u0627\u0645\u06cc\u062f\u0647 \u0645\u06cc \u0634\u0648\u062f \u0648 \u06cc\u0627 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u062f\u06cc\u06af\u0647 \u0627\u06cc \u06a9\u0647 \u062a\u0648\u0633\u0637 \u0627\u0641\u0631\u0627\u062f \u06cc\u0627 \u0634\u0631\u06a9\u062a \u0647\u0627\u06cc \u062f\u06cc\u06af\u0647 \u062a\u0648\u0644\u06cc\u062f \u0634\u062f\u0647 \u0627\u0646\u062f \u06a9\u062f \u0634\u0648\u0646\u062f.<\/p>\n

\u0647\u0645\u0647 \u0627\u06cc\u0646 \u0647\u0627 \u0631\u0648 \u06af\u0641\u062a\u0645 \u062a\u0627 \u0628\u06af\u0645 \u0646\u0633\u062e\u0647 \u0646\u0647\u0627\u06cc\u06cc \u0648\u0631\u0698\u0646 3.0 \u0622\u0645\u0627\u062f\u0647 \u062f\u0627\u0646\u0644\u0648\u062f \u0648 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u062f.<\/p>\n

\u0644\u06cc\u0646\u06a9 \u062f\u0627\u0646\u0644\u0648\u062f<\/a><\/p>\n

\u062f\u0631 \u0636\u0645\u0646 \u062f\u0631 \u062f\u0648\u0631\u0647 \u06a9\u0627\u0631\u0628\u0631\u062f\u06cc \u0648\u0628 \u062f\u0631 \u0633\u0637\u0648\u062d \u0645\u062e\u062a\u0644\u0641 \u0628\u0627 \u0627\u0646\u0648\u0627\u0639 \u0631\u0648\u0634 \u0647\u0627\u06cc \u062d\u0645\u0644\u0647 \u0648 \u0631\u0648\u0634 \u0647\u0627\u06cc \u0636\u062f\u062d\u0645\u0644\u0647 \u0622\u0634\u0646\u0627 \u062e\u0648\u0627\u0647\u06cc\u0645 \u0634\u062f\u2026<\/p>\n

\u067e\u06cc\u0646\u0648\u0634\u062a: \u0628\u0647 \u06cc\u0627\u0631\u06cc \u062e\u062f\u0627\u0648\u0646\u062f\u060c \u0628\u0647 \u0632\u0648\u062f\u06cc \u062f\u0648\u0645\u06cc\u0646 \u062f\u0648\u0631\u0647 \u0645\u0642\u062f\u0645\u0627\u062a\u06cc \u0631\u0648 \u0622\u063a\u0627\u0632 \u062e\u0648\u0627\u0647\u0645 \u06a9\u0631\u062f\u2026<\/p>\n","protected":false},"excerpt":{"rendered":"

\u06cc\u06a9\u06cc \u0627\u0632 \u0631\u0627\u06cc\u062c \u062a\u0631\u06cc\u0646 \u062d\u0645\u0644\u0627\u062a \u0648\u0628 Cross Site Scripting \u0647\u0633\u062a\u0646\u062f\u060c \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631 X \u0628\u06cc\u0627\u0646\u06af\u0631 Cross \u0628\u0648\u062f\u0647 \u0648 SS \u0647\u0645 \u06a9\u0647 \u0645\u062e\u0641\u0641 Site Scripting \u0627\u0633\u062a. \u062d\u0645\u0644\u0627\u062a XSS \u0639\u0645\u062f\u062a\u0627 \u062a\u0648\u0633\u0637 \u06a9\u062f\u0647\u0627\u06cc JavaScript \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc \u0634\u0648\u0646\u062f \u0648 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0628\u062e\u0634 \u0647\u0627\u06cc \u0648\u0631\u0648\u062f\u06cc \u0648 \u06cc\u0627 \u062e\u0631\u0648\u062c\u06cc \u062a\u0632\u0631\u06cc\u0642 \u0645\u06cc \u0634\u0648\u0646\u062f. \u0627\u0628\u062a\u062f\u0627\u06cc\u06cc \u062a\u0631\u06cc\u0646 \u0631\u0648\u0634 \u0645\u0642\u0627\u0628\u0644\u0647 \u0628\u0627 XSS \u0645\u0642\u0627\u0628\u0644\u0647 \u0628\u0627 Dangerous characters \u06cc\u0627 … \u0627\u062f\u0627\u0645\u0647<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","footnotes":""},"categories":[2,4],"tags":[15,38],"class_list":["post-730","post","type-post","status-publish","format-standard","hentry","category-net","category-security","tag-asp-net","tag-security"],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false},"uagb_author_info":{"display_name":"\u0627\u0645\u06cc\u0646 \u0645\u0635\u0628\u0627\u062d\u06cc","author_link":"https:\/\/mesbahi.net\/fa\/blog\/author\/amin\/"},"uagb_comment_info":2,"uagb_excerpt":"\u06cc\u06a9\u06cc \u0627\u0632 \u0631\u0627\u06cc\u062c \u062a\u0631\u06cc\u0646 \u062d\u0645\u0644\u0627\u062a \u0648\u0628 Cross Site Scripting \u0647\u0633\u062a\u0646\u062f\u060c \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631 X \u0628\u06cc\u0627\u0646\u06af\u0631 Cross \u0628\u0648\u062f\u0647 \u0648 SS \u0647\u0645 \u06a9\u0647 \u0645\u062e\u0641\u0641 Site Scripting \u0627\u0633\u062a. \u062d\u0645\u0644\u0627\u062a XSS \u0639\u0645\u062f\u062a\u0627 \u062a\u0648\u0633\u0637 \u06a9\u062f\u0647\u0627\u06cc JavaScript \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc \u0634\u0648\u0646\u062f \u0648 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0628\u062e\u0634 \u0647\u0627\u06cc \u0648\u0631\u0648\u062f\u06cc \u0648 \u06cc\u0627 \u062e\u0631\u0648\u062c\u06cc \u062a\u0632\u0631\u06cc\u0642 \u0645\u06cc \u0634\u0648\u0646\u062f. \u0627\u0628\u062a\u062f\u0627\u06cc\u06cc \u062a\u0631\u06cc\u0646 \u0631\u0648\u0634 \u0645\u0642\u0627\u0628\u0644\u0647 \u0628\u0627 XSS \u0645\u0642\u0627\u0628\u0644\u0647 \u0628\u0627 Dangerous characters \u06cc\u0627…","_links":{"self":[{"href":"https:\/\/mesbahi.net\/fa\/wp-json\/wp\/v2\/posts\/730","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mesbahi.net\/fa\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mesbahi.net\/fa\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mesbahi.net\/fa\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mesbahi.net\/fa\/wp-json\/wp\/v2\/comments?post=730"}],"version-history":[{"count":0,"href":"https:\/\/mesbahi.net\/fa\/wp-json\/wp\/v2\/posts\/730\/revisions"}],"wp:attachment":[{"href":"https:\/\/mesbahi.net\/fa\/wp-json\/wp\/v2\/media?parent=730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mesbahi.net\/fa\/wp-json\/wp\/v2\/categories?post=730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mesbahi.net\/fa\/wp-json\/wp\/v2\/tags?post=730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}