Preventing Cross Site Scripting C#

Question

Hi I used HPE Fortify to scan my application and it show a cross site scripting vulnerability on my codes.

How do i prevent cross site scripting based on the codes below?

LabelErrorResult.Text += "<li>Duplicate selection for sequence " + ddl.SelectedValue + "</li>";

Read http://stackoverflow.com/questions/53728/will-html-encoding-prevent-all-kinds-of-xss-attacks for a good answer. — Frank, Dec 23 '16 at 06:36

score 0 · Accepted Answer · answered Dec 23 '16 at 07:03

0

Use HtmlEncode and then decode it like

String unsafevar = HttpContext.Current.Server.HtmlEncode("ddl.SelectedValue");

LabelErrorResult.Text += "<li>Duplicate selection for sequence " + HttpContext.Current.Server.HtmlDecode(usafevar); + "</li>";

For more you can visit msdn https://msdn.microsoft.com/en-us/library/w3te6wfz(v=vs.110).aspx

answered Dec 23 '16 at 07:03

Saad Suri

1,352
1
14
26

You can mark it correct answer. It is way to thanks at SO @Marcus – Saad Suri Dec 28 '16 at 04:39
I do not really understand this line of code: – Marcus Dec 28 '16 at 05:49
Response.BinaryWrite(buffer); i got this issue due to xss too, any idea how to resolve this? – Marcus Dec 28 '16 at 05:50
Why do you need Response.BinaryWrite ? – Saad Suri Dec 28 '16 at 08:53
If you encode and then decode it, you get the original unsafe code appended. – user5389726598465 Apr 05 '18 at 17:03

Preventing Cross Site Scripting C#

1 Answers1