I've recently read that I have to HTML encode and JavaScript encode user-submitted data in order to prevent attacks.
As I've understood, @Model.xxx automatically HTML encodes any data. However, I'm curious what happens in terms of encoding when I use various JS functionality in Bootstrap. Both for my specific case and in general.
Specifically, I am using 'Popovers' with HTML content like this:
<button ... data-html="true" data-container="body" data-toggle="popover" data-content="<strong>text</strong><br/> etc..." >
Popover on left
</button>
XSS has nothing to do with Bootstrap. If you want to prevent XSS attacks in ASP.NET MVC, you may take a look at AntiForgeryToken. Phil Haacked has a post regarding AntiForgeryToken.
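Added example, not part of the original question or answer: it traces what a popover with data-html="true" receives when a user-supplied value is placed in data-content, once with a single HTML encoding and once encoded for the popover body and then again for the attribute. The function names and the sample string are constructed for illustration, and decodeAttributeOnce is a simplified stand-in for the browser's attribute parsing that handles only five entities.

```javascript
// Encode text for an HTML context (element content or a quoted attribute value).
function htmlEncode(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Simplified model of the HTML parser reading an attribute value:
// character references are decoded exactly once (no rescanning).
function decodeAttributeOnce(s) {
  const map = { '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'" };
  return s.replace(/&(?:amp|lt|gt|quot|#39);/g, (m) => map[m]);
}

// Extract the raw (still encoded) data-content value from generated markup.
function rawDataContent(buttonHtml) {
  const m = /data-content="([^"]*)"/.exec(buttonHtml);
  return m ? m[1] : null;
}

// Single encoding: the user value is encoded once and dropped into the attribute.
function popoverSingleEncoded(userText) {
  return `<button data-html="true" data-toggle="popover" data-content="${htmlEncode(userText)}">Popover</button>`;
}

// Double encoding: encode the user text for the popover's HTML body, wrap it
// in trusted markup, then encode the whole string for the attribute.
function popoverDoubleEncoded(userText) {
  const body = `<strong>${htmlEncode(userText)}</strong>`;
  return `<button data-html="true" data-toggle="popover" data-content="${htmlEncode(body)}">Popover</button>`;
}

// The string the popover inserts as HTML when data-html="true".
function popoverHtml(buttonHtml) {
  return decodeAttributeOnce(rawDataContent(buttonHtml));
}

const sample = '<script>alert(1)</script>'; // constructed user input
console.log('single:', popoverHtml(popoverSingleEncoded(sample))); // live markup
console.log('double:', popoverHtml(popoverDoubleEncoded(sample))); // inert text inside <strong>
```

In a Razor view, @Model.xxx supplies only one of these two encodings, so a user value placed inside data-content with data-html="true" still needs to be encoded for the popover body first.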