I have a class which inherits from a System.IO.StringWriter. A code snippet of the class is as shown below:
    using System.IO;
    using System.Web;

    public class httpHelper : StringWriter
    {
        private HttpResponse _httpResponse;

        public httpHelper(HttpResponse httpResponse)
        {
            _httpResponse = httpResponse;
        }

        public virtual void WriteText(string input)
        {
            // Line flagged by the Veracode scan
            _httpResponse.Write(input);
        }
    }
A Veracode scan showed that _httpResponse.Write(input) would cause "Information Exposure through an Error Message". Without mitigating this issue, is there an (alternative) way to resolve this issue? Would sanitizing the parameter "input" help? In that case, would encoding the input suffice? Please advise.