When using the Abp.Sanitizer package (any version), sanitization happens after validation in the pipeline, which means that if I have a dto with a `[Required]` property, and also want to sanitize the input, and my input is `"<script>test</script>"`, the value after sanitization will be empty. This means that it bypasses the validation.
The easiest way to test this would be to have a dto with a required property and to add the `HtmlSanitizerAttribute` to the method in the app service that uses the dto for input. The value should be something like `"<script>test</script>"`, which, after sanitization, will be `""`. Even though the property has the `RequiredAttribute`, the method will be accessible and validation is skipped.
If my explanation is not clear, I can also make an example.
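The ordering problem described above, as an added example that is not part of the original issue and is not Abp.Sanitizer code: it validates a DTO with the standard `System.ComponentModel.DataAnnotations` validator, sanitizes afterwards, and then validates again to show the check that catches the emptied value. `CreateCommentInput`, `Sanitize` and `IsValid` are hypothetical names, and `Sanitize` is a simplified stand-in for the real sanitizer.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Text.RegularExpressions;

// Hypothetical DTO, mirroring the one described in the issue.
public class CreateCommentInput
{
    [Required]
    public string Text { get; set; }
}

public static class Demo
{
    // Stand-in for the real sanitizer (assumption): drops <script> elements
    // together with their content, which reproduces the "" result.
    static string Sanitize(string html) =>
        Regex.Replace(html ?? "", @"<script\b[^>]*>.*?</script>", "",
            RegexOptions.IgnoreCase | RegexOptions.Singleline);

    // Runs the data-annotation validators over every property of the DTO.
    static bool IsValid(object dto, out List<ValidationResult> errors)
    {
        errors = new List<ValidationResult>();
        return Validator.TryValidateObject(
            dto, new ValidationContext(dto), errors, validateAllProperties: true);
    }

    public static void Main()
    {
        // Constructed sample input, taken from the issue text.
        var input = new CreateCommentInput { Text = "<script>test</script>" };

        // Order described in the issue: validate first, sanitize afterwards.
        bool passedBefore = IsValid(input, out _);
        input.Text = Sanitize(input.Text);
        Console.WriteLine($"validated before sanitizing: {passedBefore}, value used: \"{input.Text}\"");

        // Validating the sanitized DTO applies [Required] to the value the method actually receives.
        bool passedAfter = IsValid(input, out var errors);
        Console.WriteLine($"validated after sanitizing: {passedAfter}");
        foreach (var e in errors) Console.WriteLine($"  {e.ErrorMessage}");
    }
}
```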