If you let users enter HTML without validating it and then display it without encoding (e.g. with @Html.Raw), you make the site prone to XSS. .NET provides the AntiXSS library for such scenarios: it sanitizes the user-supplied HTML so that script-bearing markup is stripped before the fragment is rendered raw.
1) Download the library through the VS NuGet package manager.
2) The following DLLs will be added to the solution's references.
3) Use the library to remove all script-carrying markup that may be included in the user input before it is stored or rendered.
Example (the Sanitizer class lives in the Microsoft.Security.Application namespace):
using Microsoft.Security.Application;
// Strip scripts, event handlers and other dangerous markup; keep the safe HTML fragment.
review.Body = Sanitizer.GetSafeHtmlFragment(review.Body);
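The following is an added example, not code from the original post: an ASP.NET MVC controller action that accepts a review containing HTML, sanitizes the body with the AntiXSS Sanitizer once at input time, and a Razor view that renders only that sanitized field raw while everything else keeps Razor's default encoding. The Review model, ReviewsController, and _repository are hypothetical names chosen for the illustration.

```csharp
using System.Web.Mvc;
using Microsoft.Security.Application; // AntiXSS library, added via NuGet

// Hypothetical model. [AllowHtml] lets MVC request validation accept markup
// in this one property instead of rejecting the whole request.
public class Review
{
    public int Id { get; set; }
    public string AuthorName { get; set; }

    [AllowHtml]
    public string Body { get; set; }
}

public class ReviewsController : Controller
{
    private readonly IReviewRepository _repository; // hypothetical persistence layer

    public ReviewsController(IReviewRepository repository)
    {
        _repository = repository;
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Create(Review review)
    {
        if (!ModelState.IsValid)
        {
            return View(review);
        }

        // Sanitize before storing, so every later rendering path (page, feed,
        // e-mail) starts from HTML that has already had scripts, event handler
        // attributes and javascript: URLs removed.
        review.Body = Sanitizer.GetSafeHtmlFragment(review.Body ?? string.Empty);

        _repository.Save(review);
        return RedirectToAction("Details", new { id = review.Id });
    }

    public ActionResult Details(int id)
    {
        Review review = _repository.Get(id);
        if (review == null)
        {
            return HttpNotFound();
        }
        return View(review);
    }
}

// Hypothetical repository contract used above.
public interface IReviewRepository
{
    void Save(Review review);
    Review Get(int id);
}

// Details.cshtml (Razor view for the action above):
//
//   @model Review
//   <h2>@Model.AuthorName</h2>           @* default encoding: never rendered raw *@
//   <div class="review-body">
//       @Html.Raw(Model.Body)            @* raw output is limited to the sanitized field *@
//   </div>
```

Keeping @Html.Raw confined to the one field that went through Sanitizer.GetSafeHtmlFragment is the important part: any other value from the model stays on Razor's default encoding, so a sanitization gap in one field cannot be widened by accidental raw rendering elsewhere.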