I have a security audit scan that is flagging line 4 below:
"The method DisplayCustomMessage() in clientSummary.cs sends unvalidated data to a web browser on line 4 which can result in the browser executing malicious code."
This appears to be a cross-site scripting vulnerability. So how can I correct this code?
1. private void DisplayCustomMessage(string msg)
2. {
3.     lblMsg.CssClass = "pling";
4.     lblMsg.Text = msg;
5.     lblMsg.Visible = true;
6. }
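
Added example, not part of the original post or the project's code: the flagged assignment beside a version that HTML-encodes `msg` at the point of output. The `Label` class here is a hypothetical stand-in for the Web Forms control so the program runs as a console app, and the sample message is constructed.

```csharp
using System;
using System.Net;

// Hypothetical stand-in for System.Web.UI.WebControls.Label so this runs as a
// console program: like the real control, it writes Text into the page as-is.
class Label
{
    public string CssClass = "";
    public string Text = "";
    public bool Visible;

    public string Render()
    {
        if (!Visible) return "";
        return "<span class=\"" + CssClass + "\">" + Text + "</span>";
    }
}

class ClientSummary
{
    private readonly Label lblMsg = new Label();

    // As posted: msg reaches the browser unencoded.
    public string DisplayCustomMessage(string msg)
    {
        lblMsg.CssClass = "pling";
        lblMsg.Text = msg;
        lblMsg.Visible = true;
        return lblMsg.Render();
    }

    // Hardened: HTML-encode at the point of output so markup in msg is shown as text.
    public string DisplayCustomMessageEncoded(string msg)
    {
        lblMsg.CssClass = "pling";
        lblMsg.Text = WebUtility.HtmlEncode(msg);
        lblMsg.Visible = true;
        return lblMsg.Render();
    }

    static void Main()
    {
        // Constructed sample input, not taken from the page.
        string msg = "Saved <script>alert(1)</script>";
        var page = new ClientSummary();
        Console.WriteLine(page.DisplayCustomMessage(msg));
        Console.WriteLine(page.DisplayCustomMessageEncoded(msg));
    }
}
```

Inside the Web Forms page itself, `HttpUtility.HtmlEncode(msg)` or `Server.HtmlEncode(msg)` performs the same encoding. If any caller passes intentional markup in `msg`, that markup will be displayed as literal text after this change.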