stackoom
  简体   繁体   中英

Do I need to JavaScript encode ASP.NET MVC with Bootstrap?

 原文  2015-12-07 09:02:14       javascript/ asp.net/ asp.net-mvc/ twitter-bootstrap

Question

I've recently read that I have to HTML encode and JavaScript encode user submitted data in order to prevent attacks .

  • Do I need to JavaScript encode ASP.NET MVC with Bootstrap? (see specific example below)
  • And if yes, how do I do it?

As I've understood, @Model.xxx automatically HTML encodes any data. However, I'm curious what happens in terms of encoding when I use various JS functionality in Bootstrap. Both for my specific case and in general.

Specifically I am using ' Popovers ' with HTML content like this: 

<button ... data-html="true" data-container="body" data-toggle="popover" data-content="<strong>text</strong><br/> etc..." >
  Popover on left
</button>

1 answers

solution1
 0  2015-12-07 09:05:48

XSS has nothing to do with Bootstrap. If you want to prevent XSS attacks in ASP.NET MVC. You may take a look on AntiForgeryToken. Phil Haacked has a post regarding AntiForgeryToken

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Do I need to use three javascript libaries for validation with ASP.NET MVC4? How do I do a JavaScript redirect in ASP.Net MVC? How to encode embedded javascript in Razor view in ASP.NET MVC 3? Can i do this in javascript ?(ASP.NET MVC) How do I add JavaScript to an ASP.NET MVC View? In ASP.NET MVC how do I pass in ASP.NET razor strings into a javascript onclick function? asp.net mvc encode on form post Need help getting the DatePicker to work in javascript / ASP.NET MVC MVC ASP.Net Javascript - How do I use a javascript function to hide a button if Url has no id I need a dropdownlist with checkboxes in asp.net mvc without EF
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM