Security
Input Validation
This project utilizes input validation to protect against various security vulnerabilities, especially Cross-Site Scripting (XSS).

- Example: The `AddPacman` component in `Pages/Pacman.razor` demonstrates input validation:
```csharp
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Backing list of accepted entries (declared alongside the handler)
private readonly List<PacmanModel> _pacmen = new();

// User Input Validation: Prevents XSS attacks
private void AddPacman(PacmanModel model)
{
    // Validate user input to prevent malicious code injection
    if (!string.IsNullOrEmpty(model.PacmanName) &&
        model.PacmanName.Length <= 20 &&
        Regex.IsMatch(model.PacmanName, @"^[a-zA-Z0-9]+$"))
    {
        _pacmen.Add(model);
        // ...rest of the code
    }
    else
    {
        // Handle invalid input
        // ... (e.g., display error message)
    }
}
```
This code example checks the `PacmanName` for several criteria:

- Not Empty: The `string.IsNullOrEmpty` check ensures that the user has entered something.
- Length Limit: The `model.PacmanName.Length <= 20` condition restricts the name to a maximum length, preventing excessively long inputs that could potentially cause denial-of-service attacks.
- Regex Validation: The `Regex.IsMatch` condition applies a regular expression to allow only alphanumeric characters, preventing the injection of potentially harmful HTML or JavaScript code.
By implementing these validation steps, this project aims to minimize the risk of XSS attacks.
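The following is an added example, not code from this project, that pulls the three checks above into a reusable validator and shows the declarative `DataAnnotations` form that a Blazor `EditForm` with `DataAnnotationsValidator` enforces before the submit handler runs. The class and method names (`PacmanNameValidator`, `IsValid`) and the sample inputs are my own; the one deliberate change from the project's pattern is the anchor: in .NET, `$` also matches just before a trailing newline, so `"abc\n"` passes `^[a-zA-Z0-9]+$` while `\z` (absolute end of input) rejects it. The example checks both patterns side by side so the difference is visible.

```csharp
// Added example (not the project's own code): the AddPacman rules as a
// reusable validator, plus the equivalent DataAnnotations for an EditForm.
using System;
using System.ComponentModel.DataAnnotations;
using System.Text.RegularExpressions;

public class PacmanModel
{
    // Declarative form of the same three checks. RegularExpressionAttribute
    // already requires the match to cover the whole string.
    [Required]
    [StringLength(20)]
    [RegularExpression(@"^[a-zA-Z0-9]+\z")]
    public string? PacmanName { get; set; }
}

public static class PacmanNameValidator
{
    public const int MaxLength = 20;

    // Hypothetical hardened pattern: \z instead of $, so a trailing '\n'
    // cannot slip through. A match timeout bounds regex evaluation time.
    private static readonly Regex Allowed = new(
        @"^[a-zA-Z0-9]+\z",
        RegexOptions.CultureInvariant,
        TimeSpan.FromMilliseconds(100));

    // The project's original pattern, kept only for the comparison below.
    private static readonly Regex LegacyAllowed = new(
        @"^[a-zA-Z0-9]+$",
        RegexOptions.CultureInvariant,
        TimeSpan.FromMilliseconds(100));

    // Same three criteria as AddPacman: non-empty, at most 20 chars, alphanumeric.
    public static bool IsValid(string? name) =>
        !string.IsNullOrEmpty(name)
        && name.Length <= MaxLength
        && Allowed.IsMatch(name);

    public static bool IsValidLegacy(string? name) =>
        !string.IsNullOrEmpty(name)
        && name.Length <= MaxLength
        && LegacyAllowed.IsMatch(name);

    public static void Main()
    {
        // Constructed sample inputs, including the ones each check is meant to stop.
        string?[] samples =
        {
            "Blinky",                      // accepted
            "",                            // empty
            null,                          // missing
            "<script>alert(1)</script>",   // markup, rejected by the regex
            new string('a', 21),           // one character over the limit
            "abc\n",                       // differs between $ and \z
        };

        Console.WriteLine($"{"input",-30} {"$",-6} {"\\z",-6}");
        foreach (var s in samples)
        {
            var shown = (s ?? "<null>").Replace("\n", "\\n");
            Console.WriteLine($"{shown,-30} {IsValidLegacy(s),-6} {IsValid(s),-6}");
        }
    }
}
```

Run it as a console program and the only row where the two columns disagree is `abc\n`: the `$`-anchored pattern reports `True`, the `\z`-anchored one `False`. Note also that Razor expressions such as `@model.PacmanName` HTML-encode their output by default, so the validation here is defense in depth rather than the only barrier against XSS; it matters most where the value is later rendered raw (`MarkupString`), passed to JavaScript, or stored for other consumers.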