.Net Core API HttpContext.Request.Form 上的跨站脚本
.Net Core API Cross Site Scripting on HttpContext.Request.Form
我有一个 .Net Core API,我正在尝试使用 HttpContext.Request.Form["TestInput"] 读取参数。该特定行被其中一个工具检测为跨站点脚本(反射)问题。问题是什么,我们该如何补救?
代码:-
[ApiController]
[Route("api/[controller]/[action]")]
public class TestController
{
public IActionResult TestAction()
{
var str=Convert.ToString(HttpContext.Request.Form["TestInput"]); // this line is detected as Cross Site Scripting issue
// bla bla bla
return OK();
}
}
您可以使用代码:
var str= Convert.ToString( HttpUtility.HtmlEncode(HttpContext.Request.Form["TestInput"]));
我有一个 .Net Core API,我正在尝试使用 HttpContext.Request.Form["TestInput"] 读取参数。该特定行被其中一个工具检测为跨站点脚本(反射)问题。问题是什么,我们该如何补救?
代码:-
[ApiController]
[Route("api/[controller]/[action]")]
public class TestController
{
public IActionResult TestAction()
{
var str=Convert.ToString(HttpContext.Request.Form["TestInput"]); // this line is detected as Cross Site Scripting issue
// bla bla bla
return OK();
}
}
您可以使用代码:
var str= Convert.ToString( HttpUtility.HtmlEncode(HttpContext.Request.Form["TestInput"]));