DNN Forums


XSS Cross scripting measure in DNN

Growing Member
Posts: 38

Hi, we had not realised that DNN does not set the validate request setting to enabled in web config. We had a request to add several asp.net forms quickly to a DNN website. We just created custom modules on the server itself and copied our forms in. They are just html forms that email results to a mailbox from codebehind. Is there a way to quickly add a wrapper to the html or in code behind to pick up on DNN's built-in antiXSS measures?

Veteran Member
Posts: 1246
When you say that you added "several asp.net forms" does that mean pages that exist outside of DNN but live in the same install directory? If so, you are going to have to do the work yourself, as DNN doesn't know about them.

You also said "custom modules" which I assume are not DNN modules?

The "better" way to do this would be to put the forms in HTML or razor modules which could then be added to pages. If you do this you will need to do some slight editing of your "forms" so that they can exist inside of DNN. A good place to start is the "oldie but goodie" blog post: https://mitchelsellers.co...submissions-from-dnn
Growing Member
Posts: 38

Sorry for the confusion. No, we created DNN modules directly on the server in the desktop modules folder and simply copied the asp.net forms html and code into the ascx files.
By custom forms we meant that we did not use any module template in visual studio etc.

The forms are working inside DNN modules, but it is just the cross scripting we are asking about. Apart from sticking a regular expression validator on each text box and using HTML encode in the back end, is there a simple wrapper or in code to allow these modules to pick up on the antiXSS measures used, for example, in the HTML Module?

Veteran Member
Posts: 1246
Are there form tags in your html?
Veteran Member
Posts: 1182

Stuart,

the best solution would be to use any of the form modules available and re-create your forms with one of the modules. There are some good solutions available in the DNN Store (https://store.dnnsoftware...2?searchtext=forms), but also free stuff like OpenForms (https://github.com/sachatrauwaen/openform).

Happy DNNing!
Michael

Michael Tobisch
DNN★MVP

DNN Connect
Growing Member
Posts: 38

Hi Joe, no form tags; the forms are working perfectly within the DNN modules.

Michael, some of the forms are not that simple, fairly lengthy and involve criteria testing with sections hidden or displayed accordingly. At this point, we do not have time to learn a new form module enough to recreate the forms as they are temporary, although we will look at some of the options mentioned for future use.

We just wondered if there was a programmatic way to plug in the page Request Validation or the .Net 4.5 XssSecurity.
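
An added illustration, not code from any poster in this thread: a code-behind handler for a form hosted in a DNN module that combines a server-side allow-list check, DNN's `PortalSecurity.InputFilter`, and the .NET 4.5 `AntiXssEncoder` when building the HTML e-mail. The class name, control names, e-mail addresses and the `new PortalSecurity()` call style are assumptions; check the latter against the DNN version in use.

```csharp
using System;
using System.Net.Mail;
using System.Text.RegularExpressions;
using System.Web.Security.AntiXss;   // part of System.Web.dll from .NET 4.5
using DotNetNuke.Entities.Modules;
using DotNetNuke.Security;

// Hypothetical module control. txtName, txtComments and lblError are assumed
// to be declared in the matching .ascx; the addresses below are placeholders.
public partial class EnquiryForm : PortalModuleBase
{
    // Allow-list for the name field, enforced on the server.
    private static readonly Regex NamePattern =
        new Regex(@"^[\p{L}\p{M} .'\-]{1,100}$", RegexOptions.CultureInvariant);

    protected void btnSend_Click(object sender, EventArgs e)
    {
        string name = txtName.Text.Trim();
        if (!NamePattern.IsMatch(name))
        {
            // Fixed message only: the rejected value is never echoed back.
            lblError.Text = "Please enter a valid name.";
            return;
        }

        // DNN's own input filter, here with NoScripting only; the output
        // encoding below deals with any remaining markup characters.
        var security = new PortalSecurity();
        string comments = security.InputFilter(
            txtComments.Text, PortalSecurity.FilterFlag.NoScripting);

        // Encode at the point of output. The mail body is HTML, so every
        // user-supplied value is HTML-encoded as it is written into it.
        string body =
            "<p>Name: " + AntiXssEncoder.HtmlEncode(name, false) + "</p>" +
            "<p>Comments: " + AntiXssEncoder.HtmlEncode(comments, false) + "</p>";

        using (var message = new MailMessage("forms@example.invalid", "mailbox@example.invalid"))
        using (var smtp = new SmtpClient())   // host read from <system.net><mailSettings>
        {
            message.Subject = "Enquiry form submission";
            message.Body = body;
            message.IsBodyHtml = true;
            smtp.Send(message);
        }
    }
}
```

The same encoding call applies wherever a submitted value is written back into the page, such as a confirmation label.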
