Expression Language Injection

  • Question

  • I currently have an application that displays a Telerik Grid on the page. I am using AntiXss to encode all fields with this convention (Text='<%# HtmlEncode(Eval("txtDescription"), False) %>'). I am using .NET Framework 4.61. A scan using Acunetix shows there is an Expression Language Injection. All of my findings point to Java and the Spring EL interpreter. Are there any safeguards I can implement in order to prevent this attack?
    • Moved by CoolDadTx Thursday, January 18, 2018 10:01 PM ASP.NET related
    Thursday, January 18, 2018 6:23 PM

All replies

  • Please post questions related to web development in the ASP.NET forums.

    Michael Taylor http://www.michaeltaylorp3.net

    Thursday, January 18, 2018 10:01 PM