XSS Code Review (Encoding) pointers for ASP.NET MVC


When code reviewing ASP.NET MVC application to prevent passive XSS issues (for an example of an active XSS issue see Active XSS example) there are two areas broadly to consider 1) What is being sub…

Source: XSS Code Review (Encoding) pointers for ASP.NET MVC

Advertisements