Stored cross-site scripting¶
ID: cs/web/stored-xss
Kind: path-problem
Security severity: 6.1
Severity: error
Precision: medium
Tags:
- security
- external/cwe/cwe-079
- external/cwe/cwe-116
Query suites:
- csharp-security-extended.qls
- csharp-security-and-quality.qls
Click to see the query in the CodeQL repository
Directly writing user input (for example, an HTTP request parameter) to a webpage, without properly sanitizing the input first, allows for a cross-site scripting vulnerability.
Recommendation¶
To guard against cross-site scripting, consider using contextual output encoding/escaping before writing user input to the page, or one of the other solutions that are mentioned in the references.
Example¶
The following example shows the page parameter being written directly to the server error page, leaving the website vulnerable to cross-site scripting.
using System;
using System.Web;
public class XSSHandler : IHttpHandler
{
public void ProcessRequest(HttpContext ctx)
{
ctx.Response.Write(
"The page \"" + ctx.Request.QueryString["page"] + "\" was not found.");
}
}
References¶
Wikipedia: Cross-site scripting.
Common Weakness Enumeration: CWE-79.
Common Weakness Enumeration: CWE-116.