stackoom
  简体   繁体   中英

Cross Site Scripting (XSS) Prevention on C#

 原文  2023-01-10 15:19:45       c#/ xss

Question

I have codes below on C# currently detected as a potential XSS attacks during code scanning.

ArrayList ListofProductCodeWithOverQuantity = new ArrayList();
string productCodeClean = Regex.Replace(Row.Cells[5].Text, "[^0-9A-Za-z _-]", ""); 
 
ListofProductCodeWithOverQuantity.Add(productCodeClean);

I did try on the Regex.Replace() functions but this doesn't seem to work in this case. I found a lot of solution of prevention for this XSS attack but mostly on other programming language.

How do I apply for the XSS prevention in this case for C#?

1 answers

solution1
 1  2023-01-10 15:46:50

Probably, one of those strings come from user input and ends up on the page.

If you don't check they have the proper encoding to be sure they don't contains executable code, you risk falling into XSS.

So, you should encode your texts before put them on the page.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question C# MVC Cross-Site Scripting (XSS) Prevention ValidateInput Cross Site Scripting Prevention not working Asp.net MVC GetSafeHtmlFragment is still not working as expected to stop cross site scripting in c# Prevent Cross site scripting attack in asp.net C# How to prevent XSS (Cross Site Scripting) whilst allowing HTML input How to overcome stored cross site scripting vulnerability in Asp.net c# Should I use html.encode for queryString to prevent cross site scripting issue in c#? Cross site scripting possibility? Preventing Cross Site scripting attack Cross site scripting manipulation globally
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM