发表新帖
发表新帖

How do you avoid XSS vulnerabilities in ASP.Net (MVC)?

后端 未结
关注
5 1948
庸人自扰
庸人自扰 2020-11-28 11:25

I recently noticed that I had a big hole in my application because I had done something like:

\" />
5条回答
  • 无人及你
    无人及你 (楼主)
    2020-11-28 11:52

    Syntax for HTML encoding

    1. <%: model.something %> syntax in WebForms

    2. It is automatic in Razor i.e. @model.something will auto encode automatically no need to do anything to encode.

    3. MVC3 HTML Helper methods return the encoded string automatically. e.g. Html.Label will return the encoded string

    More about cross site scripting

    http://thirum.wordpress.com/2013/10/24/how-asp-net-mvc-prevents-cross-site-scriptingxss-attack/

    0 讨论(0)
 看不清?
提交回复
热议问题