What are script injection attacks?

Script injection attacks, called cross-site scripting (XSS) attacks, exploit vulnerabilities in Web page validation by injecting client-side script code. This code executes in the user's browser after the browser downloads the script code from a trusted site, and the browser then has no way of determining the legitimacy of the code.

What are script injection attacks?

Script injection attacks occur when an end user submits malicious code in the input fields of a form in order to access the database, change it, or destroy it. The malicious code tries to fool the application into treating it as input from just another end user. The technique involves submitting content wrapped in tags such as <script>, <object>, <applet>, <embed>, <frame>, and <link>.
Request validation and validating the input provided by the end user are a solution to such attacks. One can use the following in the web.config for validating requests for all pages in the application.
<configuration>
  <appSettings/>
  <connectionStrings/>
  <system.web>
    <!-- true turns request validation on for every page; false would turn it off -->
    <pages validateRequest="true"/>
  </system.web>
</configuration>
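Validating the input of an individual field can look like the following. This is an added example, not code from the original page: the field name, the allow-list pattern, and the class and method names are assumptions, and it also HTML-encodes the value on output so that anything reaching the page is displayed as text.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

static class FormInput
{
    // Allow-list for a hypothetical "display name" field: letters, digits,
    // spaces and a few punctuation marks, 1 to 50 characters. \z anchors at the
    // true end of input ($ would also accept a trailing newline).
    static readonly Regex NamePattern =
        new Regex(@"\A[\p{L}\p{Nd} .,'-]{1,50}\z", RegexOptions.CultureInvariant);

    // Input validation: reject anything outside the allow-list.
    public static bool IsValidName(string value)
    {
        return value != null && NamePattern.IsMatch(value);
    }

    // Output encoding: <, >, &, " and ' become HTML entities, so the browser
    // displays the value as text instead of parsing it as markup.
    public static string RenderGreeting(string name)
    {
        return "<p>Hello, " + WebUtility.HtmlEncode(name) + "</p>";
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample inputs, using tags named in the text above.
        string[] samples =
        {
            "Alice O'Neil",
            "<script>alert(1)</script>",
            "<embed src=x>"
        };

        foreach (string s in samples)
        {
            Console.WriteLine("input:    " + s);
            Console.WriteLine("accepted: " + FormInput.IsValidName(s));
            // Encode on output whether or not validation passed.
            Console.WriteLine("rendered: " + FormInput.RenderGreeting(s));
        }
    }
}
```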