<div>
<div class="content wysiwyg-content">
I have security audit scan that is flagging line 4 below<br />
&quot;The method DisplayCustomMessage() in clientSummary.cs sends unvalidated data to a web browser on line 4 which can result in the browser executing malicious code.&quot;<br />
<br />
This appears to be a cross site scripting vulnerability. So how can I correct this code? <br />
<br />
1. &nbsp;private void DisplayCustomMessage(strin<wbr />g msg)<br />
2. &nbsp;{<br />
3. &nbsp; &nbsp; &nbsp;lblMsg.CssClass = &quot;pling&quot;;<br />
4. &nbsp; &nbsp; &nbsp;lblMsg.Text = msg<br />
5. &nbsp; &nbsp; &nbsp;lblMsg.Visible = true<br />
6.<br />
7.}
</div>
</div>


I have security audit scan that is flagging line 4 below
"The method DisplayCustomMessage() in clientSummary.cs sends unvalidated data to a web browser on line 4 which can result in the browser executing malicious code."

This appears to be a cross site scripting vulnerability. So how can I correct this code? 

1.  private void DisplayCustomMessage(string msg)
2.  {
3.      lblMsg.CssClass = "pling";
4.      lblMsg.Text = msg
5.      lblMsg.Visible = true
6.
7.}

How to best deal with a cross site scripting threat

C# is an object-oriented programming language created in conjunction with Microsoft’s .NET framework. Compilation is usually done into the Microsoft Intermediate Language (MSIL), which is then JIT-compiled to native code (and cached) during execution in the Common Language Runtime (CLR).

The .NET Framework is not specific to any one programming language; rather, it includes a library of functions that allows developers to rapidly build applications. Several supported languages include C#, VB.NET, C++ or ASP.NET.