brgdotnet
asked on
How to best deal with a cross site scripting threat
I have a security audit scan that is flagging line 4 below:
"The method DisplayCustomMessage() in clientSummary.cs sends unvalidated data to a web browser on line 4 which can result in the browser executing malicious code."
This appears to be a cross site scripting vulnerability. So how can I correct this code?
1. private void DisplayCustomMessage(string msg)
2. {
3.     lblMsg.CssClass = "pling";
4.     lblMsg.Text = msg;   // flagged by the scan: msg reaches the page unencoded
5.     lblMsg.Visible = true;
6.
7. }
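A Web Forms Label writes its Text to the page without HTML encoding, so one way to correct the flagged line is to encode at the point of assignment: lblMsg.Text = HttpUtility.HtmlEncode(msg). The program below is an added example, not part of the original post or of the members-only solution; RenderLabel is a hypothetical stand-in for the Label control and the sample messages are constructed, so the before/after comparison runs as a console program without System.Web.

```csharp
using System;
using System.Net;

// Added example: console stand-in for the Web Forms page, so it runs without System.Web.
static class DisplayCustomMessageDemo
{
    // Hypothetical stand-in for how a Label reaches the browser: Text is emitted
    // verbatim inside a <span>, with no encoding applied by the control.
    static string RenderLabel(string cssClass, string text)
    {
        return "<span class=\"" + cssClass + "\">" + text + "</span>";
    }

    // Behaviour flagged by the scan: msg goes to the page as markup.
    static string RenderUnencoded(string msg)
    {
        return RenderLabel("pling", msg);
    }

    // Corrected behaviour: encode for the HTML body context at the point of output.
    // In the page itself this is: lblMsg.Text = HttpUtility.HtmlEncode(msg);
    static string RenderEncoded(string msg)
    {
        return RenderLabel("pling", WebUtility.HtmlEncode(msg ?? string.Empty));
    }

    static void Main()
    {
        // Constructed sample inputs: plain text, markup, and text with an ampersand.
        string[] samples =
        {
            "Client record saved.",
            "<script>alert(1)</script>",
            "Smith & Sons <pending>"
        };

        foreach (string msg in samples)
        {
            Console.WriteLine("input    : " + msg);
            Console.WriteLine("unencoded: " + RenderUnencoded(msg));
            Console.WriteLine("encoded  : " + RenderEncoded(msg));
            Console.WriteLine();
        }
    }
}
```

If any caller relies on passing HTML in msg, encoding will show the tags as literal text, so that caller needs to build its markup from individually encoded parts instead.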