网页中基于脚本的HTML标记的中和不当(基本XSS)(CWE ID 80)for response.BinaryWrite

时间:2016-11-10 14:11:17

标签: c# xss veracode

我试过对文件名应用编码,但仍然在 response.BinaryWrite(data);

中获得了veracode错误

以下是我的代码:

                    WebClient req = new WebClient();
                    HttpResponse response = HttpContext.Current.Response;
                    response.Clear();
                    response.ClearContent();
                    response.ClearHeaders();
                    response.Buffer = true;
                    response.AddHeader("Content-Disposition", "attachment;filename=\"" + XSSSec.Encoder.HtmlEncode(FileName) + "\"");
                    byte[] data = req.DownloadData(FilePath);
                    response.BinaryWrite(data);
                    Response.Flush();
                    Response.SuppressContent = true;

有任何解决此问题的建议吗?

0 个答案:

没有答案
相关问题
最新问题