I'm getting an alert in the page if I pass the following query string value in the URL
&67251"style%3d"x%3aexpression(alert(1))"c5c8316d7db=1
ex.
http://mysite.aspx?val1=2&&67251"style%3d"x%3aexpression(alert(1))"c5c8316d7db=1
I'm using componentart postback controls in my page, so it creates hidden variables in the page like below.
then second hidden variable is causing the alert. How can I avoid this? or how can I capture it and remove it before writing it to page?