![](/img/trans.png)
[英]What is the Difference between HttpContext.Request and Request a .NET Core controller?
[英].Net Core API Cross Site Scripting on HttpContext.Request.Form
我有一个.Net Core API ,我正在尝试使用HttpContext.Request.Form["TestInput"]
读取参数。 此特定行被其中一个工具检测为跨站点脚本(反映)问题。 问题是什么,我们该如何补救?
代码:-
[ApiController]
[Route("api/[controller]/[action]")]
public class TestController
{
public IActionResult TestAction()
{
var str=Convert.ToString(HttpContext.Request.Form["TestInput"]); // this line is detected as Cross Site Scripting issue
// bla bla bla
return OK();
}
}
您可以使用以下代码:
var str= Convert.ToString( HttpUtility.HtmlEncode(HttpContext.Request.Form["TestInput"]));
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.