What's the best way to prevent javascript injections in a VB.NET Web Application? Is there some way of disabling javascript on the pageload event?
Recently, part of the security plan for our vb.net product was to simply disable buttons on the page that weren't available to the specific user. However, I informed the guy who thought of the idea that typing
javascript:alert(document.getElementById("Button1").disabled="")
in the address bar would re-enable the button. I'm sure that someone else has ran into issues like this before, so any help is appreciated. Thanks!
Update: Aside from validating user input, how can I protect the website from being toyed with from the address bar?
Thanks for the input! I appreciate it!