Example #1
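        /// <summary>
        /// Renders the contact view for a submitted model: keeps the submitted text in
        /// <c>OriginalStr</c> and replaces <c>Str</c> with the result of <c>ParseMarkdown()</c>.
        /// </summary>
        /// <param name="model">Bound view model; <c>Str</c> carries the caller-supplied text.</param>
        /// <returns>The view result for <paramref name="model"/>.</returns>
        public IActionResult Contact(ContactViewModel model)
        {
            // Keep the raw submission beside the processed value. OriginalStr is untrusted
            // input, so the view must HTML-encode it when displaying it.
            model.OriginalStr = model.Str;

            // NOTE(review): ParseMarkdown is defined elsewhere; whether it sanitizes the
            // generated HTML and how it treats a null Str cannot be confirmed from here.
            // If the view emits Str unencoded, that helper is the only XSS control on this path.
            model.Str = model.Str.ParseMarkdown();

            // "0" switches off the legacy browser XSS filter for this response, presumably so
            // the demo shows the server-side handling alone; confirm before reusing elsewhere.
            // The indexer is used instead of Add(), which throws if the header was already set
            // earlier in the pipeline.
            Response.Headers["X-XSS-Protection"] = "0";

            return View(model);
        }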
Example #2
 /// <summary>
 /// Renders the contact view with a fixed demo string, exposing both the raw text
 /// (<c>OriginalStr</c>) and the result of <c>ParseMarkdown()</c> (<c>Str</c>).
 /// </summary>
 /// <returns>The view result carrying the populated <c>ContactViewModel</c>.</returns>
 public IActionResult Contact()
 {
     // Hard-coded test input mixing a script element, an inline event handler and a
     // javascript: URL inside a style attribute, alongside benign markup and styling.
     // The view must HTML-encode OriginalStr; Str relies on ParseMarkdown, which is
     // defined elsewhere (NOTE(review): confirm that it sanitizes its output).
     const string demoInput =
         @"<script>alert('xss')</script><div onload=""alert('xss')"""
         + @"style=""background-color: aqua"">Test<img src=""https://lh5.googleusercontent.com/-drrRi1dWOQQ/AAAAAAAAAAI/AAAAAAAAAAA/AMW9IgcL7q_lfB00a-OlXFlFZeUYTGjqSg/s96-c-mo/photo.jpg"""
         + @"style=""background-image: url(javascript:alert('xss')); margin: 10px""></div>";

     var viewModel = new ContactViewModel
     {
         OriginalStr = demoInput,
         Str = demoInput.ParseMarkdown()
     };

     ViewData["Message"] = @"CommonMark and Anti XSS Demo";

     return View(viewModel);
 }