Nathan Cirillo

Reputation: 1

Sanitizing IOwinContext Request Body

I wrote a middleware using C#, and the idea is to take the POST requests and sanitize HTML and script tags. I tried to use HtmlSanitizer from NuGet, but the tags aren't removed. How can I do this? Below is my code:

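    // Requires: using System; using System.IO; using System.Text;
    //           using System.Threading.Tasks; using System.Web; using Microsoft.Owin;
    //           using Ganss.XSS;  (HtmlSanitizer package; newer releases use Ganss.Xss)
    public override async Task Invoke(IOwinContext context)
    {
        string localPath = context.Request.Uri.LocalPath;

        // Only POST requests to paths outside the whitelist are sanitised.
        if (!whiteList.Contains(localPath) &&
            string.Equals(context.Request.Method, "POST", StringComparison.OrdinalIgnoreCase))
        {
            string raw;

            // leaveOpen: true, so disposing the reader does not close the request stream.
            using (var streamReader = new StreamReader(context.Request.Body, Encoding.UTF8, true, 1024, true))
            {
                raw = await streamReader.ReadToEndAsync();
            }

            var requestBody = HttpUtility.UrlDecode(raw);
            var sanitiser = new HtmlSanitizer();
            var sanitised = sanitiser.Sanitize(requestBody);

            // Compare like with like (decoded vs. sanitised). The body is always replaced
            // with a fresh MemoryStream positioned at 0, because the original request
            // stream has been read to the end and may not be seekable.
            byte[] bytes = Encoding.UTF8.GetBytes(sanitised != requestBody ? sanitised : raw);
            context.Request.Body = new MemoryStream(bytes);
        }

        await Next.Invoke(context);
    }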

Upvotes: 0

Views: 31
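
An added example, not part of the original question: sanitising each field of the POST body separately instead of passing the whole decoded body through `Sanitize` as one HTML string. It assumes the body is `application/x-www-form-urlencoded` and that the HtmlSanitizer NuGet package is referenced; `FormBodySanitizer` and the sample body are hypothetical names and constructed data.

```csharp
using System;
using System.Collections.Specialized;
using System.Linq;
using System.Web;   // HttpUtility (System.Web.dll)
using Ganss.XSS;    // assumed: HtmlSanitizer package; newer releases use Ganss.Xss

// Hypothetical helper, not from the question.
public static class FormBodySanitizer
{
    // Sanitises every value of a form-urlencoded body and returns the
    // re-encoded body, so the next middleware can still parse the fields.
    public static string Sanitize(string rawBody, HtmlSanitizer sanitizer)
    {
        // ParseQueryString splits on '&' and '=' and URL-decodes keys and values.
        NameValueCollection fields = HttpUtility.ParseQueryString(rawBody);

        var pairs = fields.AllKeys.SelectMany(key =>
            // A key can repeat; GetValues returns every value sent for it.
            (fields.GetValues(key) ?? new string[0]).Select(value =>
                HttpUtility.UrlEncode(key ?? string.Empty) + "=" +
                HttpUtility.UrlEncode(sanitizer.Sanitize(value))));

        return string.Join("&", pairs);
    }

    public static void Main()
    {
        // Constructed sample body: one plain field, one field carrying markup.
        string raw = "name=Bob&comment=" +
            "%3Cscript%3Ealert(1)%3C%2Fscript%3EHello+%3Cb%3Eworld%3C%2Fb%3E";

        // Default HtmlSanitizer settings: script elements are dropped,
        // formatting tags on the default allow-list (such as <b>) are kept.
        var sanitizer = new HtmlSanitizer();

        Console.WriteLine(Sanitize(raw, sanitizer));
    }
}
```

`Sanitize` returns serialized HTML, so a plain `&` inside a field value comes back as `&amp;`; fields that are not meant to hold HTML are better left out of this pass and encoded where they are rendered.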

Answers (0)
