我有一个。Net Core API在我试图使用HttpContext.Request.Form["TestInput"]
读取参数。这个特定的行被某个工具检测为跨站点脚本(反射)问题。问题是什么,我们如何补救?
代码:
[ApiController]
[Route("api/[controller]/[action]")]
public class TestController
{
public IActionResult TestAction()
{
var str=Convert.ToString(HttpContext.Request.Form["TestInput"]); // this line is detected as Cross Site Scripting issue
// bla bla bla
return OK();
}
}
您可以使用以下代码:
var str= Convert.ToString( HttpUtility.HtmlEncode(HttpContext.Request.Form["TestInput"]));