I'm building a UWP app which communicates with a Web-Api. At some point I'm sending a string in the URL to the Web-Api which can be manipulated by the user. Because of that, the string can include characters which could do evil things to the Web-Api.
For example:
This is my UserController:

    [Route("api/user/{uid}")]
    public User GetUser(string uid)
    {
        return userRepository.GetByUid(uid);
    }

For the sake of this example we assume that the user can put in the uid manually in a textbox. Now if he puts in ../vipuser he could have access to the VipUserController, because the ../ goes one hierarchy up.
I searched a little and found this SO article which recommends the use of System.Web.UrlEncodeUnicode and System.Web.UrlDecode.
But since UWP apps don't include the System.Web namespace, I was wondering if there is an alternative to these methods which I can use in a UWP app?
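
One way to build the request URL in a UWP client without System.Web, as an added example that is not part of the original question: the uid is checked against an allow-list and then percent-encoded as a single path segment with Uri.EscapeDataString from the System namespace. The class name, the uid format and the base address are assumptions made for the example.

```csharp
using System;
using System.Diagnostics;
using System.Text.RegularExpressions;

public static class UserApiUrls
{
    // Assumption: a uid is 1-64 letters, digits, '-' or '_'. Adjust to the real format.
    private static readonly Regex UidPattern =
        new Regex(@"\A[A-Za-z0-9_-]{1,64}\z", RegexOptions.CultureInvariant);

    // Hypothetical base address of the Web API.
    private static readonly Uri BaseAddress = new Uri("https://api.example.invalid/");

    public static bool TryBuildUserUri(string uid, out Uri result)
    {
        result = null;

        // Allow-list first: rejects "../vipuser", "..", "%2e%2e", empty input, etc.
        if (uid == null || !UidPattern.IsMatch(uid))
            return false;

        // Percent-encode the value as a single path segment ('/' becomes %2F).
        // '.' is unreserved and stays as-is, which is why the allow-list above
        // and the path check below are still needed.
        string segment = Uri.EscapeDataString(uid);
        var candidate = new Uri(BaseAddress, "api/user/" + segment);

        // Uri collapses dot segments; confirm the path is still under api/user/.
        if (!candidate.AbsolutePath.StartsWith("/api/user/", StringComparison.Ordinal))
            return false;

        result = candidate;
        return true;
    }

    // Constructed sample inputs for a quick check in the debugger output.
    public static void Demo()
    {
        foreach (string uid in new[] { "alice_01", "../vipuser", "..", "a/b", "" })
        {
            Uri uri;
            bool ok = TryBuildUserUri(uid, out uri);
            Debug.WriteLine(string.Format("'{0}' -> {1}", uid, ok ? uri.AbsoluteUri : "rejected"));
        }
    }
}
```

Client-side checks do not protect the Web-Api from requests crafted outside the app, so the same uid validation belongs in GetUser on the server as well.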