I need to prevent characters that cause URL vulnerabilities
My sample url is http: //localhost/add.aspx? Id = 4; req = 4
Specify a list of characters that I need.
I am using ASP.net webpage. I am linking information from sql server database.
I just want to specify characters to stay away from hackers, to enter unwanted lines in the URL
Depending on which technology you are using, there is usually a built-in function that will handle this for you.
ASP.NET (VB) and Classic ASP
myUrl = Server.UrlEncode(myUrl)
ASP.NET (C #)
myUrl = Server.UrlEncode(myUrl);
Php
$myUrl = urlencode($myurl);
, . RFC 1738 , URL-:
:., URL-. "<" " > " URL- ; ( "" ) URL- . "#" , World Wide Web, URL- /, . "%" ,. , , . "{", "}", "|", "\", "^", "~", "[", "]", "".
:
., URL-. "<" " > " URL- ; ( "" ) URL- . "#" , World Wide Web, URL- /, . "%" ,. , , . "{", "}", "|", "\", "^", "~", "[", "]", "".
,
, , URL-, . URL- ? ; , .
, :
. ( , - , () , XSS XSRF.)
, . ", ", , . , , '<script> , , , , .
, . , () PHP SQL-; "O'Reilly". D'. ; .
, SQL-, , SQL-escape , , ( ); HTML-, HTML- , ( /MVC, ).
URL http://localhost/add.aspx?id=4;req=4
, - URL-? :; "&, - ( Java Servlet ASP.NET). , id = 4 & req = 4 - , , , 'id = 4% 3Breq% 3D4.
http://en.wikipedia.org/wiki/Query_string#URL_encoding
: http://tools.ietf.org/html/rfc3986#section-2.2
URL-, , ,
"", ", ·,, *, @, =,;,:,.,/, + & ;, $, <, > , #,%, {, (,),}, |, \, ^, ~, [,], -, -, - ',"
" " -"
reqular