Cross site scripting reflected in mvc

May 11, 2015 at 7:29 AM

I have a software security problem in my MVC application reported as "Cross Site Scripting: Reflected". The code below is the sample scenario used in the controller.

Line 1: public JsonResult FillDropdown(Department objModel)
Line 2: {
Line 3: string DeptId = objModel.DepartmentId;
Line 4: dsDept = objService1.RetrieveDepartments(DeptId);
Line 5: objModel.lstDept = ConvertToList(dsDept);
Line 6: objModel.DeptFlag = "True";
Line 7: return Json(objModel);
Line 8: }

Error : Cross Site Scripting : Reflected
Error reported in line no 1 and 7.
Please help me to resolve this issue.

May 11, 2015 at 12:43 PM
This is a question for an MVC forum, where you would find this is by design. JSON is meant for browser JavaScript-based manipulation, where adding via the InnerText property or via jQuery would perform the correct encoding. There is no issue to resolve.
Marked as answer by bdorrans on 5/11/2015 at 5:43 AM
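
The client-side handling the answer refers to, shown as an added example that is not part of the original thread: the same JSON values placed into a dropdown by string concatenation, by encoded concatenation, and by plain text assignment. The sample response, the `Id`/`Name` field names inside `lstDept`, and all function names are assumptions made for illustration; in a browser the `doc` argument would be `document`.

```javascript
// Constructed sample of the JSON body FillDropdown returns; the field names
// inside lstDept (Id, Name) are assumptions, the page does not show them.
const sampleResponse = JSON.stringify({
  DepartmentId: "7",
  DeptFlag: "True",
  lstDept: [{ Id: "7", Name: "R&D <b>Labs</b>" }, { Id: "8", Name: "Finance" }],
});

// Encode the five characters that are significant in HTML text and attributes.
function encodeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Risky pattern: response values concatenated into markup for innerHTML.
function optionsHtmlUnsafe(model) {
  return model.lstDept
    .map((d) => '<option value="' + d.Id + '">' + d.Name + "</option>")
    .join("");
}

// Same markup with every value encoded before it reaches the HTML parser.
function optionsHtmlEncoded(model) {
  return model.lstDept
    .map((d) => '<option value="' + encodeHtml(d.Id) + '">' + encodeHtml(d.Name) + "</option>")
    .join("");
}

// Preferred: no markup strings at all. textContent and value are assigned as
// plain data, so the browser never parses them as HTML.
function fillDropdown(selectEl, model, doc) {
  for (const d of model.lstDept) {
    const opt = doc.createElement("option");
    opt.value = d.Id;
    opt.textContent = d.Name;
    selectEl.appendChild(opt);
  }
  return selectEl;
}

const model = JSON.parse(sampleResponse);
console.log(optionsHtmlUnsafe(model));
console.log(optionsHtmlEncoded(model));
```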