From the course: Security in ASP.NET Core
Cross-site scripting (XSS) in single-page applications - ASP.NET Tutorial
- [Instructor] When talking about single application frameworks, you may first think about Blazor, but Blazor is using the Razor engine as well, so everything we've discussed with regards to HTML escaping for ASP.NET Core MVC and Razor Pages also applies to Blazor. So, you are already set there. However, there are other single-page application frameworks as well. And while they are a little bit beyond the scope of this ASP.NET Core security course, I still would like to briefly cover this topic. So what does, for instance, Angular do against cross-site scripting? Turns out there is some automated protection. If you are binding data using the double curly braces, you get automated HTML escaping out of the box. So once again, even if you have no clue about cross-site scripting, and of course, now you have lots of clue (chuckles) with regards to cross-site scripting, but even if you hadn't, you would have some solid protection against the attack. There are some areas where this HTML…
Contents
- OWASP Top Ten (2m 45s)
- Cross-site scripting (XSS): The attack (4m 33s)
- Cross-site scripting (XSS): The defense (3m 25s)
- Cross-site scripting (XSS) in JavaScript (4m 40s)
- Cross-site scripting (XSS) in single-page applications (3m 30s)
- Same-origin policy and CORS (4m 26s)
- Enabling CORS in ASP.NET Core web API (6m 23s)
- SQL injection with ADO.NET (2m 25s)
- SQL injection with Entity Framework Core (2m 34s)
- Fixing SQL injection (5m 23s)
- Cross-Site Request Forgery (CSRF): The attack (5m 25s)
- Cross-Site Request Forgery (CSRF): The defense (7m 11s)