From 62f0f6e857c5648bc6573af20fe85d45abd4ac16 Mon Sep 17 00:00:00 2001
From: Troy Dai
Date: Mon, 22 Aug 2016 22:30:11 -0700
Subject: [PATCH] HtmlEncode all user input in Azure OpenID sample

---
 samples/OpenIdConnect.AzureAdSample/Startup.cs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 0645b995ed..fcfc7b4df0 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -157,7 +157,7 @@ namespace OpenIdConnect.AzureAdSample
 string userObjectID = context.User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
 var result = await authContext.AcquireTokenSilentAsync(resource, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
- await response.WriteAsync($"

access_token

{result.AccessToken}
"); + await response.WriteAsync($"

access_token

{HtmlEncode(result.AccessToken)}
");
 }
 catch (Exception ex)
 {
@@ -184,7 +184,7 @@ namespace OpenIdConnect.AzureAdSample
 await response.WriteAsync("");
 foreach (var column in columns)
 {
- await response.WriteAsync($"{column}");
+ await response.WriteAsync($"{HtmlEncode(column)}");
 }
 await response.WriteAsync("");
 foreach (var row in data)
@@ -192,7 +192,7 @@ namespace OpenIdConnect.AzureAdSample
 await response.WriteAsync("");
 foreach (var column in row)
 {
- await response.WriteAsync($"{column}");
+ await response.WriteAsync($"{HtmlEncode(column)}");
 }
 await response.WriteAsync("");
 }
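Review bot: The added `HtmlEncode(...)` calls in all three hunks depend on a helper whose definition is not part of this patch, so which encoder it uses and whether it tolerates a null argument cannot be confirmed from the hunks; `result.AccessToken` in the first hunk and the `column` values in the second and third are the inputs that matter. If the helper forwards to `System.Text.Encodings.Web.HtmlEncoder.Default.Encode` a null input throws, while `System.Net.WebUtility.HtmlEncode` passes null through, so a guard such as `private static string HtmlEncode(string content) => string.IsNullOrEmpty(content) ? string.Empty : HtmlEncoder.Default.Encode(content);` keeps the response writer from faulting on a missing claim or cell value. In the second and third hunks `column` is iterated from `columns` and `row`, whose element types are not visible; if they are not `string`, the helper needs a matching overload or an explicit `.ToString()` at the call site. The `try`/`catch` enclosing the first hunk and the table-writing method enclosing the other two begin and end outside the hunks, and the catch body between the first and second hunks is not shown; anything there that writes `ex.Message` into the response presumably needs the same encoding.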