[英].Net Core API Cross Site Scripting on HttpContext.Request.Form
我有一个.Net Core API ,我正在尝试使用HttpContext.Request.Form["TestInput"]读取参数。 此特定行被其中一个工具检测为跨站点脚本(反映)问题。 问题是什么,我们该如何补救?
代码:-
[ApiController]
[Route("api/[controller]/[action]")]
public class TestController
{
public IActionResult TestAction()
{
var str=Convert.ToString(HttpContext.Request.Form["TestInput"]); // this line is detected as Cross Site Scripting issue
// bla bla bla
return OK();
}
}
您可以使用以下代码:
var str= Convert.ToString( HttpUtility.HtmlEncode(HttpContext.Request.Form["TestInput"]));
HttpContext.Request 和 Request a .NET Core controller 有什么区别?
[英]What is the Difference between HttpContext.Request and Request a .NET Core controller?
解决.NET Core Startup中的Hangfire依赖关系/ HttpContext问题
[英]Resolving Hangfire dependencies/HttpContext in .NET Core Startup
.NET Core 5.0 对配置和 HttpContext 的单例访问
[英].NET Core 5.0 Singleton access to Configuration and HttpContext
在ASP.NET Web Api的自定义消息处理程序中,HttpContext.Current.Request始终为null
[英]HttpContext.Current.Request is always null in Custom Message Handler in ASP.NET Web Api
如何将 api 版本相关数据设置为 httpcontext 以在 .net core 中进行单元测试?
[英]How to set api version related data to httpcontext for unit testing in .net core?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.