Wednesday, April 26, 2006 1:38 PM
bart
Microsoft Anti-Cross Site Scripting Library V1.0
During the preparation of the MSDN Security Evenings (first one is tonight in Ostend) I ran into this nice piece of security-related software called "Microsoft Anti-Cross Site Scripting Library V1.0" which is a free download at Microsoft Download (download the library here). Basically the library comes as a .NET assembly with a couple of functions to do safe encoding etc to protect agaist XSS attacks. A couple of examples:
using Microsoft.Security.Application {
- AntiXSSLibrary.UrlEncode(...);
- AntiXSSLibrary.HtmlEncode(...);
}
That's basically it. The key takeaway however is that this library is a safer variant of Server.HtmlEncode() which only encodes <, >, & and ".
A version 1.5 has already been announced, which will have additional functionality on top of the existing base functionality set.
Del.icio.us |
Digg It |
Technorati |
Blinklist |
Furl |
reddit |
DotNetKicks
Filed under: Security