Questions tagged [antixsslibrary]

The AntiXSS Library is a .NET assembly provided as part of the Web Protection Library, a Microsoft Open Source project. It provides various encoding functions for use in web applications. Encoding functions generally take un-trusted input and translate it into a format which is suitable for inclusion in output, minimizing the risk of injection attacks such as Cross Site Scripting.

Its approach differs from the built-in encoders in the .NET framework in that it uses a safe-list approach, rather than a limited black-list.

Installing AntiXSS can most easily be done using its NuGet package:

Install-Package AntiXSS
152 questions
0 votes, 1 answer

Explicit Encode and Decode with AntiXssLibrary

I know we can make an ASP.NET MVC project use AntiXssEncoder as the default encoder, but sometimes we need to explicitly encode/decode HTML/URL/JS inside the code. Despite the fact that nearly all methods inside AntiXSS class have been marked as…
Mori
0 votes, 2 answers

Encoder.HtmlEncode encodes Farsi characters

I want to use the Microsoft AntiXss library for my project. When I use the Microsoft.Security.Application.Encoder.HtmlEncode(str) function to safely show some value in my web page, it encodes Farsi characters which I consider to be safe. For…
Alireza Noori
0 votes, 0 answers

Default encoder in HttpRuntime doesn't work for ViewBag

I'm making and setting AntiXssEncoder for my web project, which uses MVC 3 and .NET 4, and I've done these steps: add AntiXSSLibrary reference; create AntiXSSEncoder derived from HttpEncoder; override the HtmlEncode method:…
genki98
0 votes, 2 answers

How can I enter quotes to "white list" on HtmlEncode?

Hey all! I'm using ASP.NET MVC 3 and AntiXssLibrary 4.2, and I try to encode some text with single or double quotes, and the problem is that I get &#39; &quot; instead of ' or ", and in Hebrew they are very useful (like רמב"ם or צ'ק). I know that…
oCcSking
0 votes, 1 answer

Why are AntiXss and ValidateRequest="true" not working in combination?

I am trying to avoid cross-site scripting in my application, but my requirement is that I have to save the data, including the script, to my database, but when displaying the same data it should be visible as text, not as a script. For example: Step 1: I…
Mak
0 votes, 1 answer

System.Web.Security.AntiXss missing methods

So I'm in the process of converting over to the built-in AntiXssEncoder now, but I've hit a snag. One of my applications made use of the HtmlAttributeEncode() and JavaScriptEncode() methods of the older Microsoft library. These seem to not be…
Michael Hallock
0 votes, 1 answer

ASP MVC 4.5 AntiXSS Library + allow HTML content

What's New in ASP.NET 4.5 and Visual Studio 2012 shows a built-in AntiXSS Library,
Zakos
0 votes, 2 answers

Why I am getting this error with Request.Url.PathAndQuery?

As I have been requested by my instructor to use the AntiXss library in the development of my senior project, I am facing a lot of difficulties in using this library because of the lack of resources on the web. As part of my project I have an upload file…
Android FanBoy
0 votes, 3 answers

Does anyone use Fortify 360 with Classic ASP? a Header Manipulation vulnerability story

I'm on a short-term contracting gig, trying to patch some vulnerabilities in their legacy code. The application I'm working on is a combination of Classic ASP (VBScript) and .Net 2.0 (C#). One of the tools they have purchased is Fortify 360. …
Jim Green
0 votes, 1 answer

Web application crashing due to XSS script in IE but not in Google Chrome, but both browsers are processing the script?

I'm testing a web application against XSS attacks. In it there is a list of events and each one has a comment area. In one of the events, I inserted this script. The event showed a flag,…
user1747116
0 votes, 1 answer

Query string encryption in jQuery Ajax request MVC 4

While making a POST request using jQuery Ajax for a controller's action, what would be the better way to encrypt the URL in the POST request and decrypt it at the controller action, without involving SSL? I came across the AntiXSS library; does it provide the one I…
Soni Qureshi
0 votes, 3 answers

ASP.NET controls and AntiXss

I'm doing some AntiXSS work. The user inputs some text which is then put through Microsoft.Security.Application.Encoder.HtmlEncode(); and saved to the database. This text can then be displayed in either a label or a textbox. If I put the encoded…
Liath
0 votes, 1 answer

Is The Whitelist Configurable In The MS Anti_XSS Library 3.0?

I've just downloaded and taken a look at the new MS Anti_XSS 3.0 release. I've read through the help file, but I've found no mention of how to modify the whitelist it uses. Can items be added? Can items be removed?
Daniel Auger
0 votes, 1 answer

How should I use the AntiXSS library with the Knockout library?

In a project at work, I've recently been assigned to encode the user input using the AntiXSS library (v. 4.2.1), even though it's as good as abandoned and doesn't even have documentation for the latest version. I looked around a bit and found that I…
Ana Ameer
0 votes, 1 answer

Allowing local URL in Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment

Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment seems to strip all link into link. Is there any way to preserve local URL, e.g. when passing it into Sanitizer.GetSafeHtmlFragment? Note: I'm…
Jeow Li Huan