Posted on

I am highly recommend to read blog post describe how ATLAS framework preventing such hacks.

Quick summary of his post:

  •  ASP.NET Ajax webservices by default restrict calling them using HttpGet. But you can turn off this check by using attribute [ScriptMethod(UseHttpGet=true)] 
  • ASP.NET ajax framework using content-type validation.
    Content-Type: application/json; charset=utf-8 

One more time I’d like to mention that each ASP.NET developer should start using Microsoft Anti-Cross Site Scripting Library V1.5 to avoid common xss security holes in their web applications.