include::../description.adoc[]

== Noncompliant Code Example

----
string value = Request.QueryString["value"];
Response.AddHeader("X-Header", value); // Noncompliant
----

== Compliant Solution

----
string value = Request.QueryString["value"];
// Allow only alphanumeric characters
if (value == null || !Regex.IsMatch(value, "^[a-zA-Z0-9]+$"))
{
  throw new Exception("Invalid value");
}
Response.AddHeader("X-Header", value);
----

include::../see.adoc[]