
I am using the tool Checkmarx to scan code for security vulnerabilities. One particular one is "Reflected XSS All Clients". The general fix to sanitize this is to use HttpUtility.UrlEncode or HttpUtility.HtmlEncode. I have come across some code where either of these functions breaks the code, since it strips out the tags, which in this case are needed for a redirect. This is not code I have written; I am scanning it for a client. Any ideas on another way to fix this vulnerability?

    using System.Text;
    using System.Web;

    // Posted as found: the untrusted url and response are interpolated into the
    // markup unencoded, and then the whole HTML document is UrlEncoded, which is
    // what breaks the auto-submitting form.
    private string GetRedirectForm(string url, string response)
    {
        StringBuilder sb = new StringBuilder();
        sb.Append("<html>");
        sb.AppendFormat("<body onload='document.forms[0].submit()'>");
        sb.AppendFormat("<form action='{0}' method='post'>", url);
        sb.AppendFormat("<input type='hidden' name='SAMLResponse' value='{0}'>", response);
        sb.Append("</form>");
        sb.Append("</body>");
        sb.Append("</html>");
        return HttpUtility.UrlEncode(sb.ToString());
    }

Mark
  • You want a way to fix the vulnerability without fixing it? The code needs to be changed if fixing security causes code to break, not the other way around. Sounds like the security test fails correctly, but you want a false negative? – Zer0 May 02 '23 at 04:01
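A defensive rewrite of the method, added here as an illustration and not part of the question or of any answer: each value is validated against what the SAML HTTP-POST binding requires (an absolute URL and a base64 SAMLResponse) and then encoded for the HTML attribute context it lands in, instead of UrlEncoding the whole document. The https-only rule, the class name SamlPostForm and the sample inputs in Main are this example's own assumptions.

```csharp
using System;
using System.Text;
using System.Web;

public static class SamlPostForm
{
    public static string GetRedirectForm(string url, string response)
    {
        // The form target must be an absolute URL; requiring https is this
        // example's own policy, not something the SAML binding mandates.
        if (!Uri.TryCreate(url, UriKind.Absolute, out Uri target)
            || target.Scheme != Uri.UriSchemeHttps)
        {
            throw new ArgumentException("Redirect target must be an absolute https URL.", nameof(url));
        }

        // In the POST binding the SAMLResponse is base64; anything else is rejected.
        try { Convert.FromBase64String(response); }
        catch (FormatException)
        {
            throw new ArgumentException("SAMLResponse is not valid base64.", nameof(response));
        }

        // Encode for the attribute context. Attributes are double-quoted so that
        // the encoding of '"' (along with '<' and '&') is what closes the door.
        string safeUrl = HttpUtility.HtmlAttributeEncode(target.AbsoluteUri);
        string safeResponse = HttpUtility.HtmlAttributeEncode(response);

        var sb = new StringBuilder();
        sb.Append("<html>");
        sb.Append("<body onload=\"document.forms[0].submit()\">");
        sb.Append("<form action=\"").Append(safeUrl).Append("\" method=\"post\">");
        sb.Append("<input type=\"hidden\" name=\"SAMLResponse\" value=\"")
          .Append(safeResponse).Append("\">");
        sb.Append("</form></body></html>");
        return sb.ToString(); // raw HTML; the markup itself is never encoded
    }

    public static void Main()
    {
        // Constructed inputs: a benign request, then a non-https target that the
        // validation rejects before any markup is built.
        string saml = Convert.ToBase64String(Encoding.UTF8.GetBytes("<samlp:Response/>"));
        Console.WriteLine(GetRedirectForm("https://sp.example/acs", saml));
        try { GetRedirectForm("javascript:void(0)", saml); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The returned string must still be served as text/html for the browser to submit the form; only the two data values are encoded, so the scanner's complaint about unencoded user input in the response is addressed without breaking the redirect.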

0 Answers