I've recently read that I have to HTML encode and JavaScript encode user submitted data in order to prevent attacks.
我最近读到我必须对HTML编码和JavaScript编码用户提交的数据以防止攻击。
- Do I need to JavaScript encode ASP.NET MVC with Bootstrap? (see specific example below)
- And if yes, how do I do it?
我是否需要使用Bootstrap对ASP.NET MVC进行JavaScript编码? (见下面的具体例子)
如果是的话,我该怎么做?
As I've understood, @Model.xxx automatically HTML encodes any data. However, I'm curious what happens in terms of encoding when I use various JS functionality in Bootstrap. Both for my specific case and in general.
据我所知,@ Model.xxx会自动对HTML进行编码。但是,我很好奇当我在Bootstrap中使用各种JS功能时,在编码方面会发生什么。对于我的具体案例和一般情况。
Specifically I am using 'Popovers' with HTML content like this:
具体来说,我正在使用像这样的HTML内容的'Popovers':
<button ... data-html="true" data-container="body" data-toggle="popover" data-content="<strong>text</strong><br/> etc..." >
Popover on left
</button>
1 个解决方案
#1
0
XSS has nothing to do with Bootstrap. If you want to prevent XSS attacks in ASP.NET MVC. You may take a look on AntiForgeryToken. Phil Haacked has a post regarding AntiForgeryToken
XSS与Bootstrap无关。如果要防止ASP.NET MVC中的XSS攻击。你可以看看AntiForgeryToken。 Phil Haacked有一篇关于AntiForgeryToken的帖子
#1
0
XSS has nothing to do with Bootstrap. If you want to prevent XSS attacks in ASP.NET MVC. You may take a look on AntiForgeryToken. Phil Haacked has a post regarding AntiForgeryToken
XSS与Bootstrap无关。如果要防止ASP.NET MVC中的XSS攻击。你可以看看AntiForgeryToken。 Phil Haacked有一篇关于AntiForgeryToken的帖子