Is context.HttpContext.Request.RawUrl inside a controller action a "must fix" problem?
I am trying to highlight everywhere in four .NET Applications which are exposed to XSS URL hacking.
So, it seems EVERY TIME I find the line of code:
I need sanitize it by checking the web domains against my white list.
Is this a correct assumption, that EVERY instance of RawURL is dangerous?
Can you think of any other C# keywords I can search for while looking for vulnerabilities on the C#.NET application?