Web developers wiki ASP.NET Sitecore Sharepoint Kentico by Evident Interactive

Anti Cross Site Scripting (XSS) library

Modified: 2009/11/30 10:09 by sierra - Categorized as: ASP.NET, Security
Recently, Microsoft released the Anti-XSS Library v3.1.

The Microsoft Anti-Cross Site Scripting Library V3.1 (Anti-XSS V3.1) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks.

It differs from most encoding libraries in that it uses a white-listing technique to provide protection against XSS attacks. This approach works by first defining a valid (allowable) set of characters and then encoding anything outside that set, whether it is merely an unexpected character or part of an attack. Because the safe set is fixed and small, the white-listing approach does not depend on anticipating every dangerous character, which gives it several advantages over black-list style encoding schemes.

New features in this version of the Microsoft Anti-Cross Site Scripting Library include:
- An expanded white list that supports more languages
- A sample application
- Security Runtime Engine (SRE) HTTP module
- HTML Sanitization methods to strip dangerous HTML scripts

Example of usage (the AntiXss class lives in the Microsoft.Security.Application namespace; each result gets its own variable because C# does not allow the same local to be declared twice in one scope):

using Microsoft.Security.Application;

// encode for usage in HTML
string safeHtml = AntiXss.HtmlEncode("evil string containing evil characters");

// encode for usage in an HTML attribute
string safeAttribute = AntiXss.HtmlAttributeEncode("evil string containing evil characters");

// encode for usage in JavaScript
string safeScript = AntiXss.JavaScriptEncode("evil string containing evil characters");

// HTML sanitization method to strip dangerous HTML scripts
string safeFragment = AntiXss.GetSafeHtml("evil string containing evil characters");
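To make the white-listing technique described above concrete, the following is an added, self-contained illustration (not code from the Anti-XSS library or from this wiki) of allow-list encoders for the same three output contexts the usage snippet covers: HTML text, HTML attribute values and JavaScript string literals. The allow-list, the decimal `&#NN;` entity format and the `\xNN`/`\uNNNN` JavaScript escapes are assumptions chosen for clarity; the real library's exact output formats are not reproduced. A minimal deny-list encoder is included only to show the kind of character an allow-list catches that a deny-list does not.

```python
"""Allow-list (white-list) output encoding, written as an illustration of
the technique the Anti-XSS library is described as using. The safe set and
escape formats below are this example's own assumptions."""

# Assumed allow-list: only alphanumerics and a few punctuation characters
# are ever emitted unencoded. Everything else is encoded, so characters the
# author never thought about (backtick, '=', control and Unicode chars)
# are covered without being listed anywhere.
_SAFE = set("abcdefghijklmnopqrstuvwxyz"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789 ,.-_")


def html_encode(value: str) -> str:
    """Encode for an HTML text node: each char outside the allow-list
    becomes a decimal numeric character reference (&#NN;)."""
    return "".join(ch if ch in _SAFE else f"&#{ord(ch)};" for ch in value)


def html_attribute_encode(value: str) -> str:
    """Encode for an HTML attribute value. The space is dropped from the
    allow-list here because, inside an unquoted attribute, a literal space
    ends the value and lets a new attribute begin."""
    safe = _SAFE - {" "}
    return "".join(ch if ch in safe else f"&#{ord(ch)};" for ch in value)


def javascript_encode(value: str) -> str:
    """Encode for a JavaScript string literal. The returned literal includes
    its own single quotes (a design choice of this example) so the caller
    cannot mis-pair quote characters. Non-safe chars below U+0100 become
    \\xNN, everything else \\uNNNN."""
    out = []
    for ch in value:
        if ch in _SAFE:
            out.append(ch)
        elif ord(ch) < 0x100:
            out.append(f"\\x{ord(ch):02X}")
        else:
            out.append(f"\\u{ord(ch):04X}")
    return "'" + "".join(out) + "'"


def denylist_html_encode(value: str) -> str:
    """Contrast: a deny-list encoder that only touches the five characters
    its author anticipated. Anything not on the list passes through."""
    table = {"&": "&amp;", "<": "&lt;", ">": "&gt;",
             '"': "&quot;", "'": "&#39;"}
    return "".join(table.get(ch, ch) for ch in value)


def unlisted_chars_passed_through(value: str) -> str:
    """Return the characters that the deny-list encoder leaves unchanged but
    the allow-list encoder would encode. A non-empty result is exactly the
    gap white-listing closes."""
    return "".join(ch for ch in value
                   if ch not in _SAFE and denylist_html_encode(ch) == ch)


if __name__ == "__main__":
    # Constructed sample input, not captured from any real application.
    sample = "<b onmouseover=`alert(1)`>hi</b>"
    print(html_encode(sample))
    print(html_attribute_encode("a b"))
    print(javascript_encode("it's €"))
    print("deny-list misses:", repr(unlisted_chars_passed_through(sample)))
```

The last function is the practical check: feed it any string and it names the characters a five-entry deny-list would have emitted verbatim. With the constructed sample it reports the backtick, the `=` and the parentheses, none of which are on the deny-list but all of which the allow-list encodes.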

Click here to view a video about the Anti-Cross Site Scripting Library V3.1

Click here to download the Anti-Cross Site Scripting Library V3.1

 © Evident Interactive BV