Currently i am accepting models in my web apis. I am thinking to decorate my properties which are vulnerable to xss attacks. That should remove all the scripts tags etc. Is there any library which can help me in this...
public class ClassToSanitze
{
public int Id {get;set;}
[Sanitize]
public string Name {get;set;}
}
There is nothing that does what you are trying to achieve. Read this Microsoft guide on preventing XSS
I find the following the most important guideline
Validation can be a useful tool in limiting XSS attacks. For example, a numeric string containing only the characters 0-9 won't trigger an XSS attack. Validation becomes more complicated when accepting HTML in user input. Parsing HTML input is difficult, if not impossible. Markdown, coupled with a parser that strips embedded HTML, is a safer option for accepting rich input. Never rely on validation alone. Always encode untrusted input before output, no matter what validation or sanitization has been performed.
Some good answers here too: How can I strip html tags in C#
Basically, the only thing to do is to Html encode the strings.
