7 lines
701 B
Plaintext
7 lines
701 B
Plaintext
ASP.NET 1.1+ comes with a feature called _Request Validation_, preventing the server to accept content containing un-encoded HTML. This feature comes as a first protection layer against Cross-Site Scripting (XSS) attacks and act as a simple Web Application Firewall (WAF) rejecting requests potentially containing malicious content.
|
|
|
|
While this feature is not a silver bullet to prevent all XSS attacks, it helps to catch basic ones. It will for example prevent ``++<script type="text/javascript" src="https://malicious.domain/payload.js">++`` to reach your Controller.
|
|
|
|
|
|
Note: _Request Validation_ feature being only available for ASP.NET, no Security Hotspot is raised on ASP.NET Core applications.
|