By default the ValidateInput value is true, so ASP.NET request validation rejects input that looks like HTML markup.
When you set ValidateInput to false, the system will not verify the input: it accepts any text, even content that includes HTML tags. That makes it easy for a malicious user to perform cross-site scripting (XSS).
To prevent XSS when you set ValidateInput to false:
- Install the "AntiXSSLibrary" package from NuGet
- and in your code, sanitize the content of the textbox before storing or rendering it:
using Microsoft.Security.Application; // Sanitizer comes from the AntiXSS library
textbox1.Body = Sanitizer.GetSafeHtmlFragment(textbox1.Body);
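The two steps above, worked through as a complete ASP.NET MVC controller action (added example, not the post's own code; the PostViewModel, PostController and Create names, the in-memory store, and the sample input in the comments are assumptions):

```csharp
using System.Collections.Generic;
using System.Web.Mvc;
using Microsoft.Security.Application; // AntiXSS library, installed as "AntiXSSLibrary" from NuGet

// Hypothetical view model (assumed name): Body is allowed to carry rich-text HTML.
public class PostViewModel
{
    public string Title { get; set; }
    public string Body { get; set; }
}

public class PostController : Controller
{
    // Constructed in-memory store standing in for a database (assumption).
    private static readonly List<PostViewModel> Posts = new List<PostViewModel>();

    // Request validation stays ON for every other action; it is switched off
    // only here, where HTML is genuinely expected, so the rest of the site keeps the default protection.
    [HttpPost]
    [ValidateInput(false)]
    [ValidateAntiForgeryToken]
    public ActionResult Create(PostViewModel model)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        // Sanitize the HTML fragment before it is stored. GetSafeHtmlFragment keeps
        // harmless markup (<p>, <b>, <ul> ...) and drops <script> elements, on* event
        // handlers and script-scheme URLs, e.g. a constructed input of
        //   "<p>Hello</p><script>alert(1)</script>"
        // is reduced to the paragraph only.
        model.Body = Sanitizer.GetSafeHtmlFragment(model.Body ?? string.Empty);

        // Title is plain text: leave it unsanitized and let Razor HTML-encode it on output.
        Posts.Add(model);
        return RedirectToAction("Index");
    }

    public ActionResult Index()
    {
        return View(Posts);
    }
}
```

In the Index view, render `Title` with the normal `@Model.Title` syntax (auto-encoded) and only the already-sanitized `Body` with `@Html.Raw(post.Body)`; sanitizing on input does not remove the need to encode everything else on output.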