RickStrahl / Westwind.Utilities

A general purpose utility and helper library for .NET development
MIT License
256 stars 61 forks source link

Update HtmlUtils.cs to fix XSS Attack , it's different between Westwind.Utilities.HtmlEncode and System.Web.HttpUtility.HtmlEncode on `'`. #8

Closed shps951023 closed 5 years ago

shps951023 commented 5 years ago

Update HtmlUtils.cs to fix XSS Attack , it's different between Westwind.Utilities.HtmlEncode and System.Web.HttpUtility.HtmlEncode on '. by shps951023 · Pull Request #7 · RickStrahl/Westwind.Utilities

it's different between Westwind.Utilities.HtmlEncode and System.Web.HttpUtility.HtmlEncode on '.

    var HttpUtilityEncodeResult = System.Web.HttpUtility.HtmlEncode("alert('XSS Attack')"); //"alert('XSS Attack')"
    var WestwindEncodeResult = Westwind.Utilities.HtmlUtils.HtmlEncode("alert('XSS Attack')"); //"alert('XSS Attack')"

RickStrahl commented 5 years ago

Fixed in #7