Silverlight TextBlock and XSS


I am learning Silverlight, particularly from the security perspective, and I created a dummy project. The project greets the user with a login screen, and once the user provides the credentials, he is redirected to another page where the user sees a welcome note saying “Welcome “.

I assigned a script in the user name field and expected to see a nice little alert when the user is navigated to the next page, but I saw this instead:

I was disappointed to see this and looked into why this text is not parsed and rendered by the browser. With this approach, TextBlock.Text treats the string as text to be displayed rather than as markup/code to be parsed and run, and hence this cannot be exploited for Cross-Site Scripting.
I did not know that and thought it's worth noting down here.