.Net Core API Cross Site Scripting on HttpContext.Request.Form
Question
I am having a .Net Core API where in i am trying to read the parameter using HttpContext.Request.Form["TestInput"] . This particular line is detected as Cross Site Scripting (Reflected) issue by one of the tool. what is the issue and how can we remediate it?
Code:-
[ApiController]
[Route("api/[controller]/[action]")]
public class TestController
{
public IActionResult TestAction()
{
var str=Convert.ToString(HttpContext.Request.Form["TestInput"]); // this line is detected as Cross Site Scripting issue
// bla bla bla
return OK();
}
}
1 answers
solution1
0 ACCPTED 2021-01-21 06:41:03
You can use the code:
var str= Convert.ToString( HttpUtility.HtmlEncode(HttpContext.Request.Form["TestInput"]));
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
What is the Difference between HttpContext.Request and Request a .NET Core controller?
.NET HTML whitelisting (anti-xss/Cross Site Scripting)
ASP.NET EnableViewStateMac cross-site scripting
HttpContext and Caching in .NET Core >= 1.0
Request.Form .NET Core
HttpContext.Response.Cache equivalent in .NET Core?
Resolving Hangfire dependencies/HttpContext in .NET Core Startup
.NET Core 5.0 Singleton access to Configuration and HttpContext
HttpContext.Current.Request is always null in Custom Message Handler in ASP.NET Web Api
How to set api version related data to httpcontext for unit testing in .net core?
Related Tags