October 24th, 2014

Security Whilst using Online Services

We all know that most of today's internet users could be tracked. That is no secret, and Edward Snowden's honesty has confirmed it several times already. While some of us hide all our data in a panic, others rejoice that they are not registered on social networks, and far-sighted people look for safe ways to communicate with their friends, Big Brother is not sleeping and is trying to track us.

September 18th, 2013

AngularJS and AntiForgeryToken in ASP.NET MVC

In my previous article, we implemented form validation, including a username availability check, with AngularJS. Now we will use ASP.NET MVC's AntiForgeryToken to prevent Cross-Site Request Forgery (CSRF) attacks. It generates a hidden form field (the anti-forgery token) that is validated when the form is submitted. I have seen some tutorials, but I want to do it the AngularJS way.

May 19th, 2013

WYSIWYG Html Editor and XSS Attack Prevention

In my previous post, we implemented CRUD operations with an HTML WYSIWYG editor and allowed the user to enter HTML code for formatting. The next step is to validate the HTML input to prevent XSS. One way is to use the AntiXss library, but the newer version breaks everything and has compatibility issues, so it is not reliable. Here is the white-list approach, where you allow specific HTML tags and all other tags are HTML-encoded, based on this discussion (Archive Version).