From b178b46f7d391cb1d2499f4f28ed8d35f0cfe705 Mon Sep 17 00:00:00 2001
From: John <74227617+shimakaze09@users.noreply.github.com>
Date: Sun, 24 Nov 2024 18:01:20 +1300
Subject: [PATCH] Fix code scanning alert no. 4: Cross-site scripting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 Web/Controllers/BlogController.cs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Web/Controllers/BlogController.cs b/Web/Controllers/BlogController.cs
index 14f6332..879fbcf 100644
--- a/Web/Controllers/BlogController.cs
+++ b/Web/Controllers/BlogController.cs
@@ -1,6 +1,7 @@
 using Data.Models;
 using FreeSql;
 using Microsoft.AspNetCore.Mvc;
+using System.Net;
 using Web.Contrib.SiteMessage;
 using Web.Services;
 using Web.ViewModels.Blog;
@@ -51,6 +52,8 @@ public async Task List(int categoryId = 0, int page = 1, int page
 return RedirectToAction(nameof(List));
 }
+ sortBy = System.Net.WebUtility.HtmlEncode(sortBy);
+
 return View(new BlogListViewModel
 {
 CurrentCategory = currentCategory,
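Review bot: HTML-encoding `sortBy` in the controller, just before `return View(new BlogListViewModel`, puts the escaping at the wrong layer. Razor already encodes `@` expressions on output, so a value rendered the normal way would be double-encoded, while a value written through `Html.Raw`, into a script block or into a URL would still not be escaped correctly for that context. The view and the rest of `List` lie outside the hunk, so how `sortBy` is rendered, and whether it is used earlier for ordering, cannot be confirmed from here. A more robust fix is to check the parameter against the sort keys the action actually supports, fall back to a default otherwise, and leave encoding to the view. If the call stays, add a comment such as `// sortBy is echoed into the view; encoded for code scanning alert no. 4`, and either drop the `using System.Net;` added in the first hunk or shorten the call to `WebUtility.HtmlEncode(sortBy)`, since the fully qualified name leaves that import unused.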