问题
Fortify is warning me that "JsonConvert.DeserializeXmlNode(JsonString);" could allow an attacker to inject arbitrary elements or attributes into the JSON entity.
Json coming into my app is unfortunately dynamic, is there anything I can do to mitigate this? Is there a better method to convert my Json to XML?
It says I can "ensure all serialization to JSON is performed using a safe serialization function that delimits untrusted data within single or double quotes and escapes any special characters... is there a simple way to do this?
Thanks in advance for the help.
来源:https://stackoverflow.com/questions/38364747/jsonconvert-deserializexmlnode-and-fortify-warns-of-json-injection