I have the following controller code:
[HttpPost]
public ActionResult Reset(FormCollection form)
{
    string[] userName = form.GetValues("username");
    Models.HomeModel hm = new Models.HomeModel();

    // Check this map exists, i.e. that the user actually exists at all.
    if (!hm.UserExists(userName[0]))
        return View("Index");

    if (hm.CheckForExistingLink(userName[0]))
        return View("LinkExists");

    if (hm.CreateLink(userName[0]))
        return View("Success");
    else
        return View("UnSuccessful");
}
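If the user enters <b> as the username, it throws an application error, so what is the easiest way to prevent XSS? I looked at the AntiXSS Sanitizer, but after adding it to the project and seeing it available under References, I still can't call it.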
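
An added example, not part of the original question and not the asker's code: one way to write the Reset action so that a username such as <b> is turned away by an allow-list check instead of surfacing as an application error. It assumes ASP.NET MVC 3 or later, a controller named HomeController, and a username policy of 3 to 32 letters, digits, '.', '_' or '-'; Models.HomeModel and its methods are the ones from the question.

```csharp
using System.Text.RegularExpressions;
using System.Web.Mvc;

// Controller name is assumed; declare it inside the project's namespace so that
// Models.HomeModel (the class from the question) resolves.
public class HomeController : Controller
{
    // Assumed username policy: 3-32 characters from a fixed safe set.
    // \A and \z anchor the whole string, so a trailing newline cannot slip through.
    private static readonly Regex UserNamePattern =
        new Regex(@"\A[A-Za-z0-9._-]{3,32}\z", RegexOptions.CultureInvariant);

    [HttpPost]
    // ASP.NET request validation is what throws HttpRequestValidationException
    // for a value like "<b>". It is switched off for this action only, and the
    // allow-list check below takes its place as the input gate.
    [ValidateInput(false)]
    public ActionResult Reset(string username)
    {
        // Missing field, empty value, or anything outside the allow-list goes
        // back to the form without ever reaching the model.
        if (string.IsNullOrEmpty(username) || !UserNamePattern.IsMatch(username))
            return View("Index");

        Models.HomeModel hm = new Models.HomeModel();

        if (!hm.UserExists(username))
            return View("Index");

        if (hm.CheckForExistingLink(username))
            return View("LinkExists");

        return hm.CreateLink(username) ? View("Success") : View("UnSuccessful");
    }
}
```

Input validation does not replace output encoding: a username echoed in a view should go through Razor's @ syntax, which HTML-encodes by default, rather than Html.Raw.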