I have a .NET Core API in which I am trying to read a parameter using HttpContext.Request.Form["TestInput"]. This particular line is detected as a Cross Site Scripting (Reflected) issue by one of the tools. What is the issue and how can we remediate it?
Code:
using System;
using Microsoft.AspNetCore.Mvc;

[ApiController]
[Route("api/[controller]/[action]")]
public class TestController : ControllerBase // ControllerBase provides HttpContext and Ok()
{
    public IActionResult TestAction()
    {
        var str = Convert.ToString(HttpContext.Request.Form["TestInput"]); // this line is detected as Cross Site Scripting issue
        // bla bla bla
        return Ok();
    }
}
You can use the code:
var str = Convert.ToString(HttpUtility.HtmlEncode(HttpContext.Request.Form["TestInput"]));
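Reflected XSS arises at the point where the form value is written back into a response, so the sketch below shows the same read flowing into an HTML response unencoded, HTML-encoded at the output, and returned as JSON. It is an added example, not code from the question or the answer; the action names EchoUnsafe, EchoHtml and EchoJson are hypothetical, and it assumes the value is echoed to the client.

```csharp
using System.Text.Encodings.Web;
using Microsoft.AspNetCore.Mvc;

[ApiController]
[Route("api/[controller]/[action]")]
public class TestController : ControllerBase
{
    // Hypothetical action: the form value reaches a text/html response
    // unencoded. This source-to-sink flow is what "reflected XSS" means;
    // markup sent in TestInput would be parsed by the browser.
    [HttpPost]
    public IActionResult EchoUnsafe()
    {
        string input = Request.Form["TestInput"].ToString();
        return Content($"<p>You sent: {input}</p>", "text/html");
    }

    // Hypothetical action: same read, but the value is HTML-encoded at the
    // point of output, so <, >, & and quotes become entities and the value
    // is rendered as text in an HTML body context.
    [HttpPost]
    public IActionResult EchoHtml()
    {
        string input = Request.Form["TestInput"].ToString();
        string safe = HtmlEncoder.Default.Encode(input);
        return Content($"<p>You sent: {safe}</p>", "text/html; charset=utf-8");
    }

    // Hypothetical action: for an API, return the raw value as JSON.
    // Ok(object) serializes with an application/json content type, and the
    // default System.Text.Json encoder escapes <, > and & as \uXXXX.
    // The client that later renders the value encodes it for its own context.
    [HttpPost]
    public IActionResult EchoJson()
    {
        string input = Request.Form["TestInput"].ToString();
        return Ok(new { testInput = input });
    }
}
```

HTML-encoding suits an HTML body context only; a value placed into a URL, a JavaScript string or an HTML attribute needs the encoder for that context (UrlEncoder, JavaScriptEncoder).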