Last post Nov 18, 2019 07:38 AM by Fei Han - MSFT
Nov 15, 2019 03:43 AM|gadekarcomp|LINK
I have below Web API request
"description": "testing request <script> alert('hello) </script> testing again"
above request body description added script tag with alert. (XSS case, it could be any script which may dangerous vulnerability for this request)
Will it be a kind of vulnerability cross-site scripting attack? also how we can prevent such attack for web API request?
Nov 18, 2019 07:38 AM|Fei Han - MSFT|LINK
Does your API enable consumer to submit html content with scripts? you can try to encode these untrusted data that user submitted.
And this SO thread discussed similar issue, you can refer to it.
Besides, if possible, please clarify more about your scenario/requirement, so that we can understand it better.