Wednesday, April 26, 2006 1:38 PM bart

Microsoft Anti-Cross Site Scripting Library V1.0

During the preparation of the MSDN Security Evenings (first one is tonight in Ostend) I ran into this nice piece of security-related software called "Microsoft Anti-Cross Site Scripting Library V1.0" which is a free download at Microsoft Download (download the library here). Basically the library comes as a .NET assembly with a couple of functions to do safe encoding etc. to protect against XSS attacks. A couple of examples:

using Microsoft.Security.Application;

AntiXSSLibrary.UrlEncode(...);
AntiXSSLibrary.HtmlEncode(...);

That's basically it. The key takeaway, however, is that this library is a safer variant of Server.HtmlEncode(), which only encodes <, >, & and ".
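Why encoding only those four characters falls short, as an added example that is not code from the library or from the original post: it compares a four-character encoder with an allow-list encoder on a value placed in a single-quoted attribute. FourCharEncode, AllowListEncode, the safe character set and the sample input are all assumptions constructed for this illustration.

```csharp
using System;
using System.Text;

static class EncodingComparison
{
    // Encodes only the four characters the post lists for Server.HtmlEncode().
    static string FourCharEncode(string s)
    {
        return s.Replace("&", "&amp;").Replace("<", "&lt;")
                .Replace(">", "&gt;").Replace("\"", "&quot;");
    }

    // Allow-list encoder: every character outside the safe set is written
    // as a numeric character reference. The safe set is an assumption.
    static string AllowListEncode(string s)
    {
        var sb = new StringBuilder(s.Length * 2);
        for (int i = 0; i < s.Length; i++)
        {
            char c = s[i];
            bool safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                        (c >= '0' && c <= '9') || c == ' ' || c == ',' ||
                        c == '.' || c == '-' || c == '_';
            if (safe) { sb.Append(c); continue; }

            int codePoint = c;
            // Characters outside the BMP arrive as a surrogate pair: encode once.
            if (char.IsSurrogatePair(s, i)) { codePoint = char.ConvertToUtf32(s, i); i++; }
            sb.Append("&#").Append(codePoint).Append(';');
        }
        return sb.ToString();
    }

    static void Main()
    {
        // Constructed input: a single quote is not one of the four characters.
        string input = "x' data-injected='1";

        // The page template quotes the attribute value with single quotes.
        // Four-character encoding leaves the quote alone, so the value ends
        // early and the rest of the input is parsed as a separate attribute.
        Console.WriteLine("<input value='" + FourCharEncode(input) + "'>");

        // Allow-list encoding turns the quote and '=' into character
        // references, so the whole input stays inside the attribute value.
        Console.WriteLine("<input value='" + AllowListEncode(input) + "'>");
    }
}
```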

A version 1.5 has already been announced, which will have additional functionality on top of the existing base functionality set.
