We have an external team to test security, they use a tool to achieve that. The report shows that all code written like :

actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.BadRequest);

has a vulnerability to XSS attacks, could you please explain how this is could be possible and how we can I fix the issue ?



0 Answers