Closed Barkhat26 closed 3 years ago
The method SafeString.Format takes the interpolated string after conversion of the interpolated string to a string. For example, the following code:
string input = "<script>alert(`XSS`)</script>";
Console.WriteLine(SafeString<Html>.Format($"<p>{input}</p>"));
prints out the following text to the terminal:
<p><script>alert(`XSS`)</script><p>
instead of:
<p><script>alert(`XSS`)</script></p>
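The behaviour reported above, reproduced as an added example that is not the project's code: `HtmlText`, `Format` and `FormatFlattened` are hypothetical names, and `WebUtility.HtmlEncode` stands in for whatever encoder the library uses. A `string` parameter receives the finished text, while a `FormattableString` parameter still has the template and the arguments apart, so only the second can encode the untrusted part.

```csharp
using System;
using System.Linq;
using System.Net;

// Hypothetical helper for illustration; not the library's SafeString<Html>.
static class HtmlText
{
    // The template and its arguments arrive separately, so every argument
    // is HTML-encoded before it is substituted into the trusted markup.
    // Arguments are converted to strings first, so format specifiers such
    // as {0:N2} in the template are not applied in this sketch.
    public static string Format(FormattableString template)
    {
        object[] encoded = template.GetArguments()
            .Select(a => (object)WebUtility.HtmlEncode(Convert.ToString(a)))
            .ToArray();
        return string.Format(template.Format, encoded);
    }

    // A string parameter sees only the already-interpolated text. The
    // boundary between markup and data is gone, so nothing can be encoded
    // selectively and the input passes through unchanged.
    public static string FormatFlattened(string alreadyInterpolated)
        => alreadyInterpolated;

    // Note: if these two were overloads of one name, the compiler would bind
    // $"..." to the string overload, because string is the natural type of
    // an interpolated string expression.
}

static class Program
{
    static void Main()
    {
        // Constructed sample input, taken from the report above.
        string input = "<script>alert(`XSS`)</script>";

        // Markup characters in input survive: the value was merged too early.
        Console.WriteLine(HtmlText.FormatFlattened($"<p>{input}</p>"));

        // Markup characters in input are entity-encoded; the <p> wrapper is kept.
        Console.WriteLine(HtmlText.Format($"<p>{input}</p>"));
    }
}
```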