I am developing an app in ASP.NET Core. Previous versions of .NET would catch it if I entered <script>[script]</script> and throw the "A potentially dangerous Request.QueryString value was detected from the client" error. With ASP.NET Core, I am not getting this error. Is there an equivalent in ASP.NET Core to check for "illegal" characters for XSS and SQL injection?
No. Here is a discussion of the issue:
https://github.com/aspnet/BasicMiddleware/issues/64
You should do proper server coding instead: no Html.Raw() and no string concat for SQL values, use parameters.
Hi @ask,
As Bruce said, we should do it by using server coding, as this article says.
Besides, for old browsers we could use the X-XSS-Protection response header. For more details, you could refer to this article.
For modern browsers, you could set the Content Security Policy header to enable the XSS protection checking. For more details, you could refer to this article.
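
The advice in the answers above (parameters instead of string concatenation, encoded output instead of raw HTML, a Content-Security-Policy header), shown together as an added example that is not part of the original thread. It assumes .NET 6+ minimal hosting with implicit usings and the Microsoft.Data.Sqlite package; the `/search` route, `app.db` file and `Products` table are hypothetical.

```csharp
// Added example (not from the thread). Assumes .NET 6+ minimal hosting and the
// Microsoft.Data.Sqlite package; /search, app.db and the Products table are hypothetical.
using System.Text.Encodings.Web;
using Microsoft.Data.Sqlite;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Modern browsers: send a Content-Security-Policy on every response so that
// inline script and script from other origins is not executed.
app.Use(async (context, next) =>
{
    context.Response.Headers["Content-Security-Policy"] =
        "default-src 'self'; script-src 'self'";
    await next();
});

app.MapGet("/search", async (string q) =>
{
    var names = new List<string>();
    await using var conn = new SqliteConnection("Data Source=app.db");
    await conn.OpenAsync();

    await using var cmd = conn.CreateCommand();
    // The user's value travels as a parameter, never as part of the SQL text,
    // so quotes or SQL keywords in q cannot change the statement.
    cmd.CommandText = "SELECT Name FROM Products WHERE Name LIKE $pattern";
    cmd.Parameters.AddWithValue("$pattern", "%" + q + "%");

    await using var reader = await cmd.ExecuteReaderAsync();
    while (await reader.ReadAsync())
        names.Add(reader.GetString(0));

    // Encode every untrusted value where it is written into HTML. Razor does this
    // for @value by default; Html.Raw() is what switches it off.
    var encoder = HtmlEncoder.Default;
    var items = string.Concat(names.Select(n => $"<li>{encoder.Encode(n)}</li>"));
    var html = $"<p>Results for {encoder.Encode(q)}</p><ul>{items}</ul>";
    return Results.Content(html, "text/html");
});

app.Run();
```

A request such as `/search?q=<script>alert(1)</script>` is accepted, as the question observes, but the value comes back as `&lt;script&gt;...` text and reaches the database only as a bound parameter.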