XSS Prevention .NET Core 2.x and above

Question

We have an asp.net core 2.1 web api wherein we have an endpoint to post vendors with sample payload below which gets stored in PostgreSQL DB. Currently, we have identified an XSS vulnerability if we pass a script that we want to restrict and sanitize the payloads.

I searched over the internet but can't find a working solution for .NET Core which helps prevent XSS attack. Can anyone please provide a solution for the same with a sample code block.

Thank you in advance.

[{
    "Vendor1": {
        "Name": "Happy Customer 1 “><script>alert(“XSS”)</script>",
        "UIN": ""
    },
    "Vendor2": {
        "Name": "Happy Customer 2 “><script>alert(“XSS”)</script>",
        "UIN": ""
    }
}]

Answer 1

Ways of preventing XSS -

1. HTML encode the input that is coming in. Reference: https://docs.microsoft.com/en-us/dotnet/api/system.web.httputility.htmlencode?view=netcore-2.0

2. Input validation by whitelisting.

You can follow this reference, which shows all the ways of preventing XSS in .Net Core: https://docs.microsoft.com/en-us/aspnet/core/security/cross-site-scripting?view=aspnetcore-2.0

I hope this helps