[Research] Mend (WhiteSource) recommends HttpUtility.HtmlEncode for a Session value, still reports a problem afterwards, and offers no remediation
2026-06-08
In an ASP.NET WebForm, Mend (WhiteSource) recommends changing
Literal1.Text = Literal1.Text + "-" + (string)Session["MyName"];
to
Literal1.Text = Literal1.Text + "-" + HttpUtility.HtmlEncode((string)Session["MyName"]);
After the change, it reports again:
A sensitive sink function was discovered. It causes a High severity Cross-Site Scripting vulnerability.
and the suggestion is:
No remediation was suggested by the AI. This may indicate that the finding is a false positive.
The finding was High originally; after changing the code as suggested, it is still High.
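The following console program is an added example, not code from the original post or from Mend. It renders a `Literal` outside a request to compare the original line, the suggested `HttpUtility.HtmlEncode` line, and the control's own `LiteralMode.Encode`. It assumes .NET Framework with a reference to System.Web; the `myName` value stands in for `(string)Session["MyName"]` and is constructed. It shows what each variant emits, not how the scanner classifies it.

```csharp
// Added example (not from the original post). Builds against .NET Framework
// with a reference to System.Web; the session value below is constructed.
using System;
using System.IO;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

static class LiteralEncodingDemo
{
    // Render a Literal to a string, outside of a request.
    static string Render(Literal literal)
    {
        using (var sw = new StringWriter())
        using (var writer = new HtmlTextWriter(sw))
        {
            literal.RenderControl(writer);
            return sw.ToString();
        }
    }

    static void Main()
    {
        // Stand-in for (string)Session["MyName"]; constructed sample value.
        string myName = "<b>Tom & \"Jerry\"</b>";

        // 1. Original line: the value reaches the sink unencoded.
        var raw = new Literal { Text = "Hello" };
        raw.Text = raw.Text + "-" + myName;

        // 2. Suggested line: encode the value at concatenation time.
        var encoded = new Literal { Text = "Hello" };
        encoded.Text = encoded.Text + "-" + HttpUtility.HtmlEncode(myName);

        // 3. Alternative: store the value as-is and let the control
        //    HTML-encode its whole Text when it renders.
        var modeEncode = new Literal { Text = "Hello", Mode = LiteralMode.Encode };
        modeEncode.Text = modeEncode.Text + "-" + myName;

        Console.WriteLine("raw:         " + Render(raw));
        Console.WriteLine("HtmlEncode:  " + Render(encoded));
        Console.WriteLine("Mode=Encode: " + Render(modeEncode));

        // Neither encoded form may still carry markup characters.
        foreach (var html in new[] { Render(encoded), Render(modeEncode) })
            if (html.IndexOf('<') >= 0 || html.IndexOf('>') >= 0)
                throw new InvalidOperationException("unencoded markup: " + html);
    }
}
```

With `LiteralMode.Encode` the entire `Text` is encoded at render time, so that mode fits only when the control should never emit markup of its own.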
*****
[Figure]
[Figure: after changing the code as suggested, it still reports a problem but cannot offer a suggestion.]
(End)