From 6d2f4c77d450076d380747540d94867d6b6887a5 Mon Sep 17 00:00:00 2001
From: Steven Knox
Date: Tue, 16 May 2017 16:16:00 +0100
Subject: [PATCH 1/2] Added InputSanitizer docs
---
README.md | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/README.md b/README.md
index 7442997..2052775 100644
--- a/README.md
+++ b/README.md
@@ -93,7 +93,38 @@ private IGenericRepository _service; _service = service; }
+Input can be sanitized for Post and Put requests by registering a service in startup that inherits from IInputSanitizer and implements the method Sanitize.
+ services.AddTransient();
+
+You can provide your own implementation within your InputSanitizer.cs class, for example using the HtmlSanitizer nuget package as follows:
+
+ using GenericApi;
+ using Ganss.XSS;
+
+ namespace StoreWebApi.Services
+ {
+ public class InputSanitizer : IInputSanitizer
+ {
+ public string Sanitize(string input)
+ {
+ var sanitizer = new HtmlSanitizer();
+
+ return sanitizer.Sanitize(input);
+ }
+ }
+ }
+
+You can also add this to other Controllers in your project by using the [SanitizeModel] attribute.
+
+ [HttpPost]
+ [SanitizeModel]
+ public IActionResult Post([FromBody]ProductDTO input)
+ {
+
+ }
+
+If you dont register a service IInputSanitizer in your startup.cs this process will be skipped and your API controller will accept any input sent from the client. I have included a full working sample MVC project along with the source code showing all of the configuration in place.
From 2ca75ad8e078d675df6afa8c367dea48c239aaf9 Mon Sep 17 00:00:00 2001
From: Steven Knox
Date: Tue, 16 May 2017 17:16:29 +0100
Subject: [PATCH 2/2] Modified to use AddGenericServices overload
---
README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 2052775..209eebc 100644
--- a/README.md
+++ b/README.md
@@ -93,9 +93,9 @@ private IGenericRepository _service; _service = service; }
-Input can be sanitized for Post and Put requests by registering a service in startup that inherits from IInputSanitizer and implements the method Sanitize.
+Input can be sanitized for Post and Put requests by registering passing in the service to 'AddGenericServices' in startup. The service must inherit from IInputSanitizer and implements the method Sanitize.
- services.AddTransient();
+ services.AddGenericServices(UseSanitizer: typeof(InputSanitizer)); You can provide your own implementation within your InputSanitizer.cs class, for example using the HtmlSanitizer nuget package as follows: