Hi All,

I have a report web page that allows you to export the records shown to an Excel file. I'm using AntiXss to display them on the screen, but when a user opts to export to a file and I go and get the records again from the DB, will I need to use AntiXss to scrub for reporting purposes?

Thanks,

rod.

+1  A: 

No. AntiXss is used to prevent Cross Site Scripting - an Excel document is not vulnerable to these attacks. Even if you had XSS code in the Excel file and a user saved the Excel file as HTML (and loaded it in their browser), the content is automatically encoded and would have no effect.

Damien Dennehy