Wednesday, June 12, 2019

ASP.NET: Cross site scripting attack and HtmlEncode


To prevent cross-site scripting (XSS) attacks, encode any string that comes from an untrusted source with System.Web.HttpUtility.HtmlEncode() before sending it in a response.

System.Web.HttpUtility.HtmlEncode will encode these characters:

    Character    Encoded
    <            &lt;
    >            &gt;
    "            &quot;
    &            &amp;
    '            &#39; (.NET 4.0 only)
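
The following is an added example, not code from the original post: a hypothetical ASP.NET handler that writes a query-string value into the response, shown unencoded and then passed through HttpUtility.HtmlEncode. The class name GreetingHandler, the "name" parameter and the markup are assumptions made for illustration. The attribute value is double-quoted so that the output does not depend on the single-quote encoding, which the table lists for .NET 4.0 only.

```csharp
using System.Web;

// Hypothetical handler, constructed for illustration (not from the original post).
public class GreetingHandler : IHttpHandler
{
    public bool IsReusable
    {
        get { return true; }
    }

    public void ProcessRequest(HttpContext context)
    {
        // Untrusted input: anything in the query string is caller-controlled.
        string name = context.Request.QueryString["name"] ?? string.Empty;

        context.Response.ContentType = "text/html; charset=utf-8";
        context.Response.Write(RenderEncoded(name));
    }

    // Before: the value is concatenated into the markup as-is, so any
    // <, >, " or & it contains is parsed by the browser as HTML.
    public static string RenderUnencoded(string name)
    {
        return "<p>Hello, " + name + "</p>"
             + "<input type=\"text\" name=\"name\" value=\"" + name + "\">";
    }

    // After: the value is HTML-encoded at the point of output. The stored or
    // received string is left untouched; only what goes into the response
    // is encoded.
    public static string RenderEncoded(string name)
    {
        string safe = HttpUtility.HtmlEncode(name);

        // Element content: < > & become &lt; &gt; &amp;
        // Double-quoted attribute: " becomes &quot;, so the value cannot
        // close the attribute early.
        return "<p>Hello, " + safe + "</p>"
             + "<input type=\"text\" name=\"name\" value=\"" + safe + "\">";
    }
}
```

Encoding is applied once, when the string is written into HTML, rather than when it is received or stored.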
