Questions tagged [antixsslibrary]

The AntiXSS Library is a .NET assembly provided as part of the Web Protection Library, a Microsoft Open Source project. It provides various encoding functions for use in web applications. Encoding functions generally take un-trusted input and translate it into a format which is suitable for inclusion in output, minimizing the risk of injection attacks such as Cross Site Scripting.

Its approach differs from the built-in encoders in the .NET framework in that it uses a safe-list approach, rather than a limited black-list.

Installing AntiXSS can most easily be done using its NuGet package:

Install-Package AntiXSS
152 questions
6 votes, 3 answers

How to properly sanitize content with AntiXss Library?

I have a simple forums application. When someone posts any content, I do: post.Content = Sanitizer.GetSafeHtml(post.Content); Now, I am not sure if I am doing something wrong, or what is going on, but it does not allow almost any HTML. Even simple…
ojek
6 votes, 1 answer

Is Sanitizer.GetSafeHtmlFragment supposed to remove
elements?

MS's AntiXSS (v4.2.1) Sanitizer.GetSafeHtmlFragment(string) method is removing
and
tags from my input. Is this supposed to happen? Is there a way around it? It seems to be removing \n and \r characters too, so I cannot call Replace()…
Chaddeus
6 votes, 2 answers

TinyMCE, AntiXSS, MVC3 and GetSafeHtmlFragment

I've read through lots of postings on SO regarding XSS and how to deal. Generally, the consensus is whitelist over blacklist and avoid using Regular Expressions (too many variants to deal with). I'm working on an ASP.Net MVC3 application. I need…
Mike Smith
5 votes, 2 answers

Is there a good reason why AntiXss.JavaScriptEncode wraps result in single quotes?

I've been using Microsoft's AntiXss Library and was wondering if there is a good reason why its JavaScriptEncode method wraps the result in single quotes? That behavior seems unconventional.
Josef Pfleger
5 votes, 1 answer

How to use AntiXss in my Project?

I want to use the AntiXss library functions in my web application. I have a web application which contains ASP.NET pages with jQuery code in the code-behind. Whole ASP.NET pages run through jQuery JS pages. I want to apply the encoding function to some…
Girish Chaudhari
5 votes, 3 answers

ASP.NET MVC 2 - AntiXSS vs Built In MVC Encoding

Now that MVC has introduced HTML Encoding via <%: blah %>, is there still value in using <%= AntiXSS.HTMLEncode(blah) %> instead? For example: My application will take all content in (including JavaScript) and store it in its raw state in the…
Chase Florell
5 votes, 3 answers

Fortify and AntiXSS

My company requires our ASP.NET code to pass a Fortify 360 scan before releasing the code. We use AntiXSS everywhere to sanitize HTML output. We also validate input. Unfortunately, they recently changed the "template" Fortify was using and now it's…
fd_dev
5 votes, 3 answers

In ASP.NET 4.5, how should I encode a string to be used as a JavaScript variable, to prevent XSS attacks?

I know of several ways to do this, but they all have some downside. Is there an "accepted" way of doing it, that is considered the best? I used to use the Microsoft.Security.Application.AntiXss.JavaScriptEncode() which is great, but AntiXSS has been…
Elezar
5 votes, 1 answer

Suggestions for where to put AntiXSS calls in ASP.NET MVC

I am attempting to find the optimal method of guarding against Cross Site Scripting in my ASP.NET MVC application. I planned to use Microsoft’s AntiXSS library and essentially guard on two levels: 1) Protect regular textboxes (i.e. those that should…
JP.
4 votes, 1 answer

How to Include Anti-XSS in ASP.Net 2.0 Without Visual Studio

Can I include Microsoft's Anti-XSS library in my ASP.Net 2.0 application without Visual Studio? If so, how? I've already downloaded and installed the library. From Microsoft's download page: "Reference the library in your application and use it."…
LisaEB
4 votes, 3 answers

Microsoft AntiXSS - Is there a need to Decode?

The HttpUtility class provides for both encoding and decoding. But when I use the MS AntiXSS 3.1 Library I have a set of methods only for encoding; does this mean decoding can be avoided? For example, before applying AntiXSS: lblName.Text = "ABC" +…
GilliVilla
4 votes, 1 answer

bug in System.Web.Security.AntiXss.AntiXssEncoder.MarkAsSafe and LowerCodeCharts.None?

I did a Microsoft Connect bug submission, and I linked this question in my submission. I'm playing around with System.Web.Security.AntiXss.AntiXssEncoder.MarkAsSafe to test a few things and I found this. This code, which seems proper: protected void…
Fredou
4 votes, 2 answers

What is the benefit of setting encoderType to AntiXssEncoder in an MVC application?

On the What's New page for .NET 4.5, it says that you may set encoderType to use the AntiXssEncoder type. http://www.asp.net/aspnet/overview/aspnet-and-visual-studio-2012/whats-new#_Toc318097382
user4143172
3 votes, 1 answer

How to configure AntiXSS with .NET 3.5?

Hi, I am using the Ajax HtmlEditorExtender for one of my TextBoxes. It is strongly recommended to use the AntiXSS Sanitizer. The following is what I added in my web.config.
GLP
3 votes, 5 answers

How to encode embedded javascript in Razor view in ASP.NET MVC 3?

How do I properly encode JavaScript in the following context: ... The values in my JSON objects are set by the application…
Kaleb Pederson