Cross-Site Scripting (XSS)

3 Jun 20241 minute to read

Cross-Site Scripting is a security vulnerability and a client-side injection attack. Attackers inject the malicious code in a web application, usually JavaScript but could also be HTML or CSS. To prevent this aspect, the API EnableHtmlSanitizer is provided and its default value is set to true.

EnableHtmlSanitizer Supported Controls

The following list demonstrates the Syncfusion ASP.NET Core controls that are supported with EnableHtmlSanitizer property.

• Accordion
• Button
• CheckBox
• ContextMenu
• DashboardLayout
• Dialog
• DropDownButton
• FileManager
• InPlaceEditor
• ListView
• Menu
• MultiSelect
• PivotView
• ProgressButton
• RadioButton
• RichTextEditor
• Slider
• SplitButton
• Splitter
• Tab
• Toast
• ToolBar
• Tooltip
• TreeView

See also

• Develop an ASP.NET Core web application securely
• Perform CRUD operation in Grid control using anti-forgery token
• Prevent cross-site scripting in RichTextEditor control
• Shield Your ASP.NET MVC Web Applications with Content Security Policy (CSP)