mensretito
New Member
I have a controller which accepts

[code]
public class MyModel
{
    [MaxLength(400)]
    public string Message { get; set; }
}
[/code]

I have a WebApi Post action

[code]
public HttpResponseMessage Post(MyModel viewModel)
{
    if (!ModelState.IsValid)
        return new HttpResponseMessage(HttpStatusCode.BadRequest);
    ...
}
[/code]

And a Get action. Since the content is written out by JavaScript rather than directly in a view, the exact content was getting written out; also, no ASP.NET warnings about dangerous content kicked in.

I want to protect against XSS. At the moment I am doing

[code]
HttpUtility.HtmlEncode(Regex.Replace(p.Message, @"<[^>]*>", String.Empty))
[/code]

in the Get action. (Taken some code from http://stackoverflow.com/questions/787932/using-c-sharp-regular-expressions-to-remove-html-tags but clicking through to http://wpl.codeplex.com/ it seems to be very badly reviewed.)
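
An added example, not part of the original post: the post's two steps (the tag-stripping regex and HTML encoding) re-expressed in JavaScript and run on constructed messages, to show which step neutralizes markup and what the regex does to ordinary text. `stripTags`, `encodeHtml`, `compare`, `report` and the sample strings are hypothetical names and constructed inputs; `encodeHtml` stands in for `HttpUtility.HtmlEncode` and does not reproduce its exact output.

```javascript
// Added example (not from the original post).

// Same pattern as the post's Regex.Replace(p.Message, @"<[^>]*>", String.Empty).
function stripTags(s) {
  return s.replace(/<[^>]*>/g, "");
}

// Minimal HTML encoder for text placed in element content or a quoted
// attribute value (hypothetical helper, similar in purpose to HtmlEncode).
function encodeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample messages.
const samples = {
  closedTag: "<b>hello</b>",
  // No closing '>' so the tag-stripping pattern never matches it.
  unclosedTag: "hi <img src=x onerror=alert(1)",
  // Legitimate text that happens to contain '<' and '>'.
  plainMath: "if a < b and c > d then stop",
};

// Apply each step alone, then in the order the post uses.
function compare(msg) {
  return {
    stripped: stripTags(msg),
    encoded: encodeHtml(msg),
    strippedThenEncoded: encodeHtml(stripTags(msg)),
  };
}

function report() {
  return Object.fromEntries(
    Object.entries(samples).map(([name, msg]) => [name, compare(msg)])
  );
}

console.log(JSON.stringify(report(), null, 2));
```

The regex leaves the unclosed tag untouched and deletes part of the plain-text message, while encoding alone renders every sample inert without losing characters. If the client script inserts the value with `textContent` instead of building HTML strings, text that was also encoded on the server will display the entities literally.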