3

I'm trying to prevent cross-site scripting in the backend of my web application. I was researching and I came across the AntiXss NuGet library. I noticed that there has not been a new release for a while. I was just wondering if it is recommended to use this library or if I should try a different approach.

Gabor Lengyel
Lurome

1 Answer

2

In .NET versions 4.5 and later, AntiXSS is part of the framework and not a separate library anymore. It is in the System.Web.Security.AntiXss namespace, with almost all functionality of the original separate library.

Docs are here.

Compared to other built-in classes like HttpUtility, AntiXss is more secure, because it's a whitelist-based encoder, as opposed to blacklisting provided by other classes.

One part that did not make it into the framework is Sanitizer, but that was not very useful anyway. There are other libraries for html sanitization if needed (mostly not, it's a special case when dealing with user-supplied html code).

Gabor Lengyel
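As an added example (not code from the answer above or from the framework documentation), the following C# program calls the built-in `System.Web.Security.AntiXss.AntiXssEncoder` once per output context and prints `HttpUtility.HtmlEncode` output beside it for comparison. The `SafeOutput` helper, the `/search` URL and the sample string are assumptions made for illustration; it targets .NET Framework 4.5 or later with a reference to `System.Web`.

```csharp
using System;
using System.Web;                    // HttpUtility; requires a reference to System.Web.dll
using System.Web.Security.AntiXss;   // AntiXssEncoder, .NET Framework 4.5 and later

// Hypothetical helper (not part of the framework): one method per output context,
// so the call site states where the untrusted value is going to be written.
static class SafeOutput
{
    // Text between tags, e.g. <p>HERE</p>. Numeric entities instead of named ones.
    public static string Html(string s) { return AntiXssEncoder.HtmlEncode(s, false); }

    // Value inside a quoted attribute, e.g. <a title="HERE">.
    // XmlAttributeEncode is the public static attribute encoder on AntiXssEncoder.
    public static string Attr(string s) { return AntiXssEncoder.XmlAttributeEncode(s); }

    // A single query-string value, e.g. /search?q=HERE
    public static string UrlValue(string s) { return AntiXssEncoder.UrlEncode(s); }

    // A value inside a style declaration, e.g. style="color: HERE"
    public static string Css(string s) { return AntiXssEncoder.CssEncode(s); }
}

static class Program
{
    static void Main()
    {
        // Constructed sample input standing in for untrusted user data.
        string name = "Zoë <b>O'Neil</b> & \"co\" `x`";

        // Same input, two encoders: compare which characters each one leaves as-is.
        Console.WriteLine("HttpUtility.HtmlEncode : " + HttpUtility.HtmlEncode(name));
        Console.WriteLine("AntiXssEncoder (body)  : " + SafeOutput.Html(name));
        Console.WriteLine("AntiXssEncoder (css)   : " + SafeOutput.Css(name));

        // Building markup: each insertion point uses the encoder for its own context.
        string link =
            "<a href=\"/search?q=" + SafeOutput.UrlValue(name) + "\" " +
            "title=\"" + SafeOutput.Attr(name) + "\">" +
            SafeOutput.Html(name) + "</a>";
        Console.WriteLine(link);
    }
}
```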