We have scanned our site for vulnerabilities. We received a warning message on this code("StaticPostBackScrollVerticalPosition") for potential cross-site scripting.
What needs to be changed to fix this issue? Please let me know.
privateconststringVerticalPosition="StaticPostBackScrollVerticalPosition";privateconststringScriptHidden="document.forms[0].{0}.value";privateconststringSaveScriptName="StaticPostBackScrollPositionSave";privateconststringLoadScriptName="StaticPostBackScrollPositionLoad";privateconststringScriptGetPosition=ScriptHidden+" = (navigator.appName == 'Netscape') ? window.page{1}Offset : document.documentElement.scroll{2};";privatestringGetPositionScript(){StringBuilder sb =newStringBuilder();
sb.Append("<script language=\"JavaScript\"> \n");
sb.Append("function SaveScrollPosition() { \n");
sb.AppendFormat(ScriptGetPosition,VerticalPosition,"Y","Top");
sb.Append("setTimeout('SaveScrollPosition()', 100);");
sb.Append("} \n");
sb.Append("SaveScrollPosition(); \n");
sb.Append("</script> \n");return sb.ToString();}privatevoidScrollPosition(){if(!this.ClientScript.IsStartupScriptRegistered(SaveScriptName)){this.ClientScript.RegisterClientScriptBlock(GetType(),SaveScriptName,GetPositionScript());this.ClientScript.RegisterHiddenField(VerticalPosition,"0");}}
