excellarateinc / voyage-api-dotnet

Enterprise grade C# .NET Web Services API implementing industry standard best practices
Apache License 2.0

XSS prevention and apidocs comments update to have api sample request #91

Closed rajeshpandalss closed 7 years ago

rajeshpandalss commented 7 years ago

Kindly review this. The following is the link to a sample XSS-infected POST request: https://www.getpostman.com/collections/11bd13fb5df8673d2140

rajeshpandalss commented 7 years ago

Nu, this was done as per the Java APIs. Will get it corrected across the application.

On 04-May-2017 8:49 PM, "Nu Maniphanh" notifications@github.com wrote:

@maniphanh commented on this pull request.

In Voyage.Api/API/v1/AccountController.cs https://github.com/lssinc/voyage-api-dotnet/pull/91#discussion_r114808923 :

@@ -26,7 +26,7 @@ public AccountController(IUserService userService)

  • @apiGroup Account
  • @apiPermission none
  • *
    • @apiSampleRequest localhost:55850/api/v1/account/register
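
Review bot: The `@apiSampleRequest` value on the last line of this hunk hard-codes a developer host and port (localhost:55850) and omits the URL scheme, so the sample request in the generated documentation only works on a machine that runs the API locally. Suggest a path-only value such as /api/v1/account/register, resolved against a base URL configured per environment, so the same comment works unchanged on QA and on the deployed server.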

All localhost references will not work when we push to the server.


maniphanh commented 7 years ago

Once you change it, go ahead and merge and check in, then verify it in QA as well.