using System;
using System.Text.Json;
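string maliciousInput = "{0} % $0 -- DROP TABLE \"USERS\"";

// Always, always, ALWAYS use a proper serializer for assembling formats like JSON.
// JsonSerializer turns the value into a correctly escaped JSON string literal, so quotes,
// braces and any JavaScript in the input cannot break out of the string.
// Know the limits of that guarantee: it makes the output a well-formed JSON document and
// nothing more. The "DROP TABLE" fragment is inert here only because it never reaches a
// database; SQL is protected by parameterized queries, not by JSON escaping.
string encoded = JsonSerializer.Serialize(new
{
    context = "{0}", // .NET format string placeholder; the serializer keeps it verbatim
    input = maliciousInput
});

// The single-argument overload does no composite formatting, so the braces in the JSON
// are printed exactly as serialized.
Console.WriteLine(encoded);

// Never pass a data string as the *format* argument: the braces in the JSON are parsed
// as format items. Here the leading '{"' is not a valid item, so a FormatException is
// thrown; had a brace pair lined up with a placeholder, the argument ("adfasfd") would
// have been spliced into the output instead. The failure mode is an unhandled exception
// (a crash / denial of service), not code execution. It is caught here so the demo runs
// to completion and the exception is visibly the only effect of the misuse.
try
{
    Console.WriteLine(encoded, "adfasfd");
}
catch (FormatException ex)
{
    Console.WriteLine($"FormatException as expected: {ex.Message}");
}

// The correct way to print data through the composite-format overload: keep the format
// string a constant and pass the data as an argument.
Console.WriteLine("{0}", encoded);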