Implementierung von HtmlSanitizer und UrlEncoder zur Absicherung von Benutzereingaben gegen XSS und URL-Manipulationsanfälligkeiten.

This commit is contained in:
Developer 02
2024-05-07 16:26:04 +02:00
parent b19cccdc34
commit d8617093ce
11 changed files with 117 additions and 47 deletions


@@ -14,6 +14,8 @@ using Microsoft.AspNetCore.Authentication.Cookies;
using DigitalData.UserManager.Application.MappingProfiles;
using EnvelopeGenerator.Web.Models;
using DigitalData.Core.DTO;
using System.Text.Encodings.Web;
using Ganss.Xss;
var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
logger.Info("Logging initialized!");
@@ -151,6 +153,15 @@ try
builder.Services.AddCookieBasedLocalizer();
builder.Services.AddSingleton(HtmlEncoder.Default);
builder.Services.AddSingleton(UrlEncoder.Default);
builder.Services.AddSingleton(_ =>
{
var sanitizer = new HtmlSanitizer();
//configure sanitzer
return sanitizer;
});
var app = builder.Build();
// Configure the HTTP request pipeline.
@@ -166,6 +177,15 @@ try
app.UseHttpsRedirection();
app.UseStaticFiles();
var csp = builder.Configuration["Content-Security-Policy"];
if(csp is not null)
app.Use(async (context, next) =>
{
context.Response.Headers.Add("Content-Security-Policy", csp);
await next();
});
app.UseCookiePolicy();
app.UseRouting();
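Review bot: The CSP middleware in the third hunk is registered after `app.UseStaticFiles()`, so any response the static file middleware short-circuits never carries the `Content-Security-Policy` header; moving the `app.Use(async (context, next) => { ... })` block above `app.UseStaticFiles()` closes that gap. The `csp is not null` guard also lets an empty configuration value through as an empty header, so `if (!string.IsNullOrWhiteSpace(csp))` is the safer check. `context.Response.Headers.Add` throws an `ArgumentException` when the header is already present; `context.Response.Headers["Content-Security-Policy"] = csp;` (or `Headers.Append`) sets it without that failure mode. The enclosing `try` block and the remainder of the pipeline registration lie outside the hunk.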