Lia Lucindia
Reputation: 1
Cross Site Scripting (XSS) Prevention on C#
I have codes below on C# currently detected as a potential XSS attacks during code scanning.
ArrayList ListofProductCodeWithOverQuantity = new ArrayList();
string productCodeClean = Regex.Replace(Row.Cells[5].Text, "[^0-9A-Za-z _-]", "");
ListofProductCodeWithOverQuantity.Add(productCodeClean);
I did try on the Regex.Replace() functions but this doesn't seem to work in this case. I found a lot of solution of prevention for this XSS attack but mostly on other programming language.
How do I apply for the XSS prevention in this case for C#?
Upvotes: 0
Views: 879
Answers (1)
Luca
Reputation: 1626
Probably, one of those strings come from user input and ends up on the page.
If you don't check they have the proper encoding to be sure they don't contains executable code, you risk falling into XSS.
So, you should encode your texts before put them on the page.
Upvotes: 1
Related Questions
- How to add new entries to an entity's collection in Springboot
- Spring Data jpa (hibernate) nullpointer Exception when adding List of Entities
- How to add new fields / values to an existing entity in Spring Data JPA
- Update entity if already exists or create using spring jpa
- Spring boot JPA fetch a list and add an item to it throws error
- How to add to a Set of entities when doing Many-to-many
- Create new Entity Object in Spring Boot
- Update entity in jpa
- JPA ManyToMany: Adding existing object to another object
- How to save a new entity that refers existing entity in Spring JPA?