C# 上的跨站点脚本 (XSS) 预防
[英]Cross Site Scripting (XSS) Prevention on C#
问题描述
I have codes below on C# currently detected as a potential XSS attacks during code scanning.
我在 C# 上有以下代码,目前在代码扫描期间被检测为潜在的 XSS 攻击。
ArrayList ListofProductCodeWithOverQuantity = new ArrayList();
string productCodeClean = Regex.Replace(Row.Cells[5].Text, "[^0-9A-Za-z _-]", "");
ListofProductCodeWithOverQuantity.Add(productCodeClean);
I did try on the Regex.Replace() functions but this doesn't seem to work in this case.我确实尝试了 Regex.Replace() 函数,但这在这种情况下似乎不起作用。 I found a lot of solution of prevention for this XSS attack but mostly on other programming language.我发现了很多针对这种 XSS 攻击的预防解决方案,但主要是针对其他编程语言。
How do I apply for the XSS prevention in this case for C#? C#如何申请本案例的XSS防范?
1 个解决方案
解决方案1
1 2023-01-10 15:46:50
Probably, one of those strings come from user input and ends up on the page.可能其中一个字符串来自用户输入并最终出现在页面上。
If you don't check they have the proper encoding to be sure they don't contains executable code, you risk falling into XSS.如果您不检查它们是否具有正确的编码以确保它们不包含可执行代码,您就有陷入 XSS 的风险。
So, you should encode your texts before put them on the page.因此,您应该在将文本放在页面上之前对其进行编码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.