[英]How to simulate XSS in ASP.NET?
I want a simple method to simulate XSS attack.我想要一个简单的方法来模拟 XSS 攻击。
I've created asp.net core 5.0 mvc, then added a controller:我创建了 asp.net 核心 5.0 mvc,然后添加了 controller:
public class HelloWorldController : Controller
{
public string Welcome(string name)
{
return name;
}
}
Then launched /helloworld/welcome?name=<script>alert("hello")</script>, expecting to display alert, but it displays it as plain text.然后启动 /helloworld/welcome?name=<script>alert("hello")</script>,期望显示警报,但它显示为纯文本。
If you want to explicitly execute this, you need to tell the view engine to do so:如果要显式执行此操作,则需要告诉视图引擎这样做:
public IActionResult Index(string name)
{
ViewBag.name = name;
return View();
}
@Html.Raw(ViewBag.name)
Without it, asp.net core would encode it, and then display it as a string, because it is a string.没有它,asp.net 内核会对它进行编码,然后将其显示为字符串,因为它是字符串。 You are explicitly returning a string in your code.
您在代码中明确返回一个字符串。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.