Cross Site Scripting (XSS) High

Cross Site Scripting (XSS) is an attack which exploits a web application or system to treat user input as markup or script code. It is important to encode the data depending on the specific context it is used in.

Detector ID
csharp/cross-site-scripting@v1.0
Category
Common Weakness Enumeration (CWE) external icon
Tags
-

Noncompliant example

1[HttpGet]
2public string Get(string untrusted)
3{
4    // Noncompliant: Directly use untrusted data from input
5    return "value " + untrusted;
6}

Compliant example

1[HttpPost]
2[ValidateAntiForgeryToken]
3public string Post(string untrusted)
4{
5    // Compliant: Encode untrusted data before use
6    return "value " + HttpUtility.HtmlEncode(untrusted);
7}