[英].Net Core API Cross Site Scripting on HttpContext.Request.Form
I am having a .Net Core API where in i am trying to read the parameter using HttpContext.Request.Form["TestInput"]
.我有一个.Net Core API ,我正在尝试使用
HttpContext.Request.Form["TestInput"]
读取参数。 This particular line is detected as Cross Site Scripting (Reflected) issue by one of the tool.此特定行被其中一个工具检测为跨站点脚本(反映)问题。 what is the issue and how can we remediate it?
问题是什么,我们该如何补救?
Code:-代码:-
[ApiController]
[Route("api/[controller]/[action]")]
public class TestController
{
public IActionResult TestAction()
{
var str=Convert.ToString(HttpContext.Request.Form["TestInput"]); // this line is detected as Cross Site Scripting issue
// bla bla bla
return OK();
}
}
You can use the code:您可以使用以下代码:
var str= Convert.ToString( HttpUtility.HtmlEncode(HttpContext.Request.Form["TestInput"]));
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.