Last post Dec 19, 2015 02:53 PM by damienBod
Dec 18, 2015 08:52 AM|gsnaveen
We are developing a Web API solution hosted as an Azure mobile service. This API basically exposes back-end database entities via GET, PATCH, POST, DELETE. An iOS (iPad) application will be consuming this API.
My problem (confusion) is:
1) Should the Web API handle XSS (cross-site scripting) threats, or is it the client's responsibility?
2) If the Web API should handle XSS threats, should I use the System.Web.Security.AntiXss library, or use some other library?
3) Should I encode (AntiXssEncoder) and save in the database, or encode while returning the data?
Please let me know how I should address the XSS threat in my Web API code.
Dec 18, 2015 01:59 PM|bobj181
to another site.
You need to find out if you have this issue and how to factor for it.
Dec 19, 2015 03:15 AM|gsnaveen
Thanks for your response, bobj181. In my case the API consumer will be an iPad application. So, no need to handle XSS in the Web API? In case I have to handle XSS in the Web API, what is the recommended way to do it?
Dec 19, 2015 02:53 PM|damienBod
Use OAuth2 with OpenId