An HP Fortify scan reported an XPath injection issue, shown below:
string repositoryID = Request.QueryString[repositoryIDKey];
XmlDocument fullTreeviewMarkup = new SafeXmlDocument().LoadDocument(GetTreeViewMarkupFromSessionStore(sourceGuid));
XmlNode repositoryNode = fullTreeviewMarkup.SelectSingleNode( String.Format( "/root/TreeViewNode/TreeViewNode[@Value=\"{0}\"]", repositoryID ) );
How can I fix the XPath injection issue? Here repositoryID is a System.GUID. How do I validate that repositoryID is a GUID?
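
One way to do the validation asked about above, as an added example that is not part of the original post: parse the query-string value with `Guid.TryParseExact` and place only the re-serialized GUID into the XPath expression. The class and method names, the sample XML, and the assumption that `@Value` stores lowercase hyphenated GUIDs are constructed for illustration.

```csharp
using System;
using System.Xml;

static class RepositoryLookup
{
    // Returns the matching node, or null when the input is not a GUID
    // or no node carries that value.
    public static XmlNode FindRepositoryNode(XmlDocument markup, string rawRepositoryId)
    {
        Guid repositoryId;
        // Strict parse: only the hyphenated "D" form (8-4-4-4-12 hex digits) is accepted.
        if (!Guid.TryParseExact(rawRepositoryId, "D", out repositoryId))
        {
            return null; // reject: the raw string never reaches the XPath expression
        }

        // Build the query from the parsed value, not from the request string.
        // ToString("D") emits only lowercase hex digits and hyphens, so the
        // result cannot close the quoted literal or add predicates.
        // Assumption: @Value is stored in this same lowercase form, because
        // XPath string comparison is case-sensitive.
        string canonical = repositoryId.ToString("D");
        string xpath = "/root/TreeViewNode/TreeViewNode[@Value=\"" + canonical + "\"]";
        return markup.SelectSingleNode(xpath);
    }

    static void Main()
    {
        // Constructed sample markup standing in for the session-stored tree view.
        var doc = new XmlDocument();
        doc.LoadXml(
            "<root><TreeViewNode Value=\"top\">" +
            "<TreeViewNode Value=\"3f2504e0-4f89-11d3-9a0c-0305e82c3301\" Text=\"Repo A\" />" +
            "<TreeViewNode Value=\"9b2d1c4e-7a6f-4c1d-8e2b-5f0a1d3c7e99\" Text=\"Repo B\" />" +
            "</TreeViewNode></root>");

        // Well-formed GUID: one node is returned.
        XmlNode hit = FindRepositoryNode(doc, "3F2504E0-4F89-11D3-9A0C-0305E82C3301");
        Console.WriteLine(hit == null ? "no match" : hit.Attributes["Text"].Value);

        // Input that tries to rewrite the predicate: rejected before any query runs.
        XmlNode rejected = FindRepositoryNode(doc, "x\" or \"1\"=\"1");
        Console.WriteLine(rejected == null ? "rejected" : "unexpected match");
    }
}
```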