I'm currently doing some encoding work to protect a site from XSS attacks. We've stuck a bunch of <script>debugger;</script> tags in the db. Despite my best efforts, the strings I've encoded to stop the debugger getting hit (to prevent an XSS attack) are still getting hit in developer tools.

Is there a chance that double encoding something could cause this to happen or is that not possible?

Thanks in advance!

Re: Preventing Double Html Encoding Strings 80 80

Sorry, I realise I've posted this in the wrong section; it's been a while since I've visited DaniWeb.

commented: OK, I moved it. +14

We solved this by adding a new method to the string object to replace any <script> tags in a string to defuse it.

This solution removes any potential script tags and will prevent any html tags from being encoded (useful when you're trying to render out html from a string).
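
An added example, not code from the thread: encoding the thread's test string once and twice shows that double encoding only changes what is displayed and never puts a literal `<` back into the markup, so a debugger that still fires points to an output path emitting the stored value unencoded. All function names here are assumptions made for this illustration.

```javascript
// Added illustration: HTML-encode at output time and spot accidental double encoding.
const ENCODE = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const DECODE = { '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'" };

// Encode the five characters that matter in HTML text and quoted attribute values.
function htmlEncode(raw) {
  return String(raw).replace(/[&<>"']/g, (ch) => ENCODE[ch]);
}

// Remove exactly one encoding layer (single pass: "&amp;lt;" becomes "&lt;", not "<").
// This models what the browser displays as text for a given piece of markup.
function htmlDecodeOnce(markup) {
  return String(markup).replace(/&(?:amp|lt|gt|quot|#39);/g, (ent) => DECODE[ent]);
}

// True when the markup still contains a literal tag opener the parser would act on.
function containsLiveTag(markup) {
  return /<[a-zA-Z\/!]/.test(markup);
}

// Heuristic: an entity whose ampersand was itself encoded means a second pass ran.
// Text that legitimately discusses entities can also match, so treat it as a hint.
function looksDoubleEncoded(markup) {
  return /&amp;(?:amp|lt|gt|quot|#39);/.test(markup);
}

// Summarise how one output string would behave in the page.
function inspect(markup) {
  return {
    executesAsMarkup: containsLiveTag(markup),
    doubleEncoded: looksDoubleEncoded(markup),
    displayedText: htmlDecodeOnce(markup),
  };
}

// The test string from the thread, as it would sit in the database (stored raw).
const stored = '<script>debugger;</script>';
const once = htmlEncode(stored);   // correct: encode exactly once, at output
const twice = htmlEncode(once);    // bug: an already-encoded value encoded again

console.log('raw  ', inspect(stored)); // live tag: this is the path that hits the debugger
console.log('once ', inspect(once));   // inert; user sees the original text
console.log('twice', inspect(twice));  // inert; user sees "&lt;script&gt;..." literally
```
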
