HTML
alesto, 2016-02-04 13:49:26

How to safely output custom HTML in ASP MVC?

There is a project where users enter HTML using a WYSIWYG editor, and then this HTML needs to be displayed to users. How do I properly clean the HTML of XSS, iframes, Flash, JavaScript and unclosed tags?


2 answer(s)
Dmitry Kovalsky, 2016-02-04
@dmitryKovalskiy

With the problem stated this way, it is more important for you to control the INPUT of data, not the OUTPUT. As far as I know, the ASP.NET libraries do not have methods like .RemovePotentialIssuesFromHtml(), so define what the user can and cannot enter. Delete such constructs when saving, or notify the client that he has entered potentially dangerous constructs.

Nikolai Mokhov, 2016-02-13
@Kolay_Net

You can use the HtmlSanitizer library
https://github.com/mganss/HtmlSanitizer
It will help you remove unsafe HTML tags.
If you do not want to delete the tags entered by users, then set the [AllowHtml] attribute on the field:

using System.Web.Mvc; // AllowHtmlAttribute lives here

public class BlogEntry
{
    public int UserId { get; set; }

    // Skips ASP.NET request validation for this field only, so the submitted markup
    // reaches the action instead of being rejected as "potentially dangerous".
    [AllowHtml]
    public string BlogText { get; set; }
}

And when outputting to the form, encode the value, for example using AntiXssEncoder
https://msdn.microsoft.com/ru-ru/library/system.we...
www.codeguru.com/csharp/.net/net_asp/preventing-cr...
Or code with JS
weblogs.asp.net/jongalloway/preventing-javascript-...
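The two answers together describe one pipeline: let the WYSIWYG markup through request validation, whitelist-sanitize it once when it is saved (Dmitry's "control the INPUT" point), and decide explicitly at render time whether to emit the cleaned markup or an encoded copy (Nikolai's AntiXssEncoder point). The following is an added example that illustrates that pipeline; it is not code from either answer or from the HtmlSanitizer project. It assumes ASP.NET MVC 5 on .NET Framework 4.5+ (for System.Web.Security.AntiXss.AntiXssEncoder) and the HtmlSanitizer NuGet package, whose namespace is Ganss.Xss in current releases (older releases used Ganss.XSS). The BlogController, BlogHtml class and the hard-coded tag whitelist are illustrative choices, not anything the answers prescribe.

```csharp
using System.Web.Mvc;
using System.Web.Security.AntiXss;
using Ganss.Xss; // HtmlSanitizer package; use Ganss.XSS on old versions

public class BlogEntry
{
    public int UserId { get; set; }

    // Without this, MVC request validation rejects the post with
    // "A potentially dangerous Request.Form value was detected".
    // Alternative: [ValidateInput(false)] on the action, which is broader.
    [AllowHtml]
    public string BlogText { get; set; }
}

public static class BlogHtml
{
    // One shared, explicitly configured sanitizer. HtmlSanitizer is whitelist-based:
    // anything not listed here (script, iframe, object/embed used for Flash,
    // on* event attributes, javascript: URLs, style) is removed, and because it
    // re-serializes a parsed DOM, unclosed tags come out closed.
    private static readonly HtmlSanitizer Sanitizer = CreateSanitizer();

    private static HtmlSanitizer CreateSanitizer()
    {
        var s = new HtmlSanitizer();

        // Start from an empty whitelist rather than the library default so the
        // allowed markup is exactly what the WYSIWYG editor is expected to produce.
        s.AllowedTags.Clear();
        foreach (var tag in new[] { "p", "br", "b", "strong", "i", "em", "u",
                                    "ul", "ol", "li", "a", "blockquote" })
            s.AllowedTags.Add(tag);

        s.AllowedAttributes.Clear();
        s.AllowedAttributes.Add("href");

        // href is only kept when its scheme is one of these, so javascript: and
        // data: links are stripped.
        s.AllowedSchemes.Clear();
        s.AllowedSchemes.Add("http");
        s.AllowedSchemes.Add("https");

        return s;
    }

    // Run once when the entry is saved; store only the result.
    public static string Clean(string untrustedHtml)
    {
        return Sanitizer.Sanitize(untrustedHtml ?? string.Empty);
    }

    // For the view: mark the already-sanitized markup as safe so Razor does not
    // re-encode it. Only ever call this on the output of Clean().
    public static MvcHtmlString RenderSanitized(string sanitizedHtml)
    {
        return MvcHtmlString.Create(sanitizedHtml ?? string.Empty);
    }

    // The other option from the second answer: show the markup as literal text.
    // AntiXssEncoder encodes everything outside a safe whitelist of characters,
    // so "<script>" is displayed, not executed. Razor's plain @Model.BlogText
    // does the equivalent with the default encoder.
    public static string RenderEncoded(string html)
    {
        return AntiXssEncoder.HtmlEncode(html ?? string.Empty, useNamedEntities: false);
    }
}

public class BlogController : Controller
{
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Create(BlogEntry entry)
    {
        if (!ModelState.IsValid)
            return View(entry);

        // Sanitize at the trust boundary, before persisting, so every later
        // reader of BlogText gets the same cleaned value.
        entry.BlogText = BlogHtml.Clean(entry.BlogText);

        // ... persist entry (repository code omitted) ...
        return RedirectToAction("Index");
    }
}

// In the Razor view, with @model BlogEntry:
//   @BlogHtml.RenderSanitized(Model.BlogText)   renders the whitelisted markup
//   @BlogHtml.RenderEncoded(Model.BlogText)     shows it as escaped text instead
```

Sanitizing on save is what makes the `Html.Raw`-style output in the view acceptable; if the stored text ever came from another path (an import, an older unsanitized record), run `BlogHtml.Clean` again at render time rather than trusting the database column. Keep the whitelist as small as the editor actually needs, since every extra tag or attribute is surface area to re-review.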
