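/// <summary>
/// Renders the submitted text through <c>ParseMarkdown</c> and returns the Contact view
/// with both the raw and the rendered string, so the page can show what the parser changed.
/// Presumably the form-post counterpart of the parameterless <c>Contact()</c> action — the
/// routing attribute is not visible here, confirm it on the declaration.
/// </summary>
/// <param name="model">The bound form model; model binding is assumed to supply a non-null instance.</param>
/// <returns>The Contact view bound to <paramref name="model"/>.</returns>
public IActionResult Contact(ContactViewModel model)
{
    // Keep the untouched input next to the rendered output for side-by-side display.
    model.OriginalStr = model.Str;
    model.Str = model.Str.ParseMarkdown();

    // Demo-only: switch off the browser's legacy XSS auditor so what the page shows is the
    // output of ParseMarkdown alone, not something the browser blocked or rewrote.
    // The indexer overwrites an existing value; IHeaderDictionary.Add would throw an
    // ArgumentException if the header had already been set (e.g. by middleware).
    Response.Headers["X-XSS-Protection"] = "0";
    return View(model);
}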
/// <summary>
/// Renders the CommonMark / anti-XSS demo page with a fixed sample string that combines a
/// script element, an inline event handler and a <c>javascript:</c> URL inside a style
/// attribute, and shows it both raw and after <c>ParseMarkdown</c>.
/// </summary>
/// <returns>The Contact view bound to the raw and the rendered sample.</returns>
public IActionResult Contact()
{
    // Fixed demo fixture, not user input. Kept byte-identical to the original sample,
    // including the missing whitespace before each style attribute.
    const string sample =
        @"<script>alert('xss')</script>" +
        @"<div onload=""alert('xss')""style=""background-color: aqua"">Test" +
        @"<img src=""https://lh5.googleusercontent.com/-drrRi1dWOQQ/AAAAAAAAAAI/AAAAAAAAAAA/AMW9IgcL7q_lfB00a-OlXFlFZeUYTGjqSg/s96-c-mo/photo.jpg""" +
        @"style=""background-image: url(javascript:alert('xss')); margin: 10px""></div>";

    var model = new ContactViewModel
    {
        OriginalStr = sample,
        Str = sample.ParseMarkdown(),
    };

    ViewData["Message"] = "CommonMark and Anti XSS Demo";
    return View(model);
}