== Why is this an issue?

include::../description.adoc[]

=== Noncompliant code example

[source,csharp]
----
string value = Request.QueryString["value"];
Response.AddHeader("X-Header", value); // Noncompliant
----

=== Compliant solution

[source,csharp]
----
string value = Request.QueryString["value"];
// Allow only alphanumeric characters
if (value == null || !Regex.IsMatch(value, "^[a-zA-Z0-9]+$"))
{
  throw new Exception("Invalid value");
}
Response.AddHeader("X-Header", value);
----

include::../see.adoc[]
ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::../highlighting.adoc[]

endif::env-github,rspecator-view[]