To prevent Cross-Site Scripting (XSS) attacks, use System.Web.HttpUtility.HtmlEncode() to encode any string that comes from an untrusted source before sending it in a response.
System.Web.HttpUtility.HtmlEncode will encode these characters:
Character    Encoded
<            &lt;
>            &gt;
"            &quot;
&            &amp;
'            &#39; (.NET 4.0 only)
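As an added example (not code from the original post), the following C# program renders the same untrusted values with and without HtmlEncode, using constructed input that contains all five characters listed above. The names CommentRenderer, RenderUnsafe and RenderSafe are hypothetical.

```csharp
using System;
using System.Web; // HttpUtility: System.Web.dll on .NET Framework, System.Web.HttpUtility on .NET Core/5+

static class CommentRenderer
{
    // Vulnerable: untrusted values are concatenated into the markup as-is,
    // so < > " & ' in the input are interpreted by the browser as HTML.
    public static string RenderUnsafe(string author, string body) =>
        "<div class=\"comment\" title=\"" + author + "\"><p>" + body + "</p></div>";

    // Hardened: every untrusted value is HTML-encoded at the point of output.
    // The attribute value stays inside double quotes, so an encoded " cannot close it.
    public static string RenderSafe(string author, string body) =>
        "<div class=\"comment\" title=\"" + HttpUtility.HtmlEncode(author) + "\"><p>"
        + HttpUtility.HtmlEncode(body) + "</p></div>";
}

static class Program
{
    static void Main()
    {
        // Constructed sample input covering all five encoded characters.
        string author = "Tom \"T\" O'Neil & co";
        string body = "<script>alert(1)</script>";

        Console.WriteLine("Unsafe: " + CommentRenderer.RenderUnsafe(author, body));
        Console.WriteLine("Safe:   " + CommentRenderer.RenderSafe(author, body));

        // HtmlEncode returns null for null input; concatenation treats that as empty.
        Console.WriteLine("Null:   " + CommentRenderer.RenderSafe(null, "plain text"));
    }
}
```

HtmlEncode is the right encoder for HTML element content and quoted attribute values; untrusted data placed in a URL or inside a script block needs the encoder for that context instead.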
Wednesday, June 12, 2019