Questions tagged [antixsslibrary]

The AntiXSS Library is a .NET assembly provided as part of the Web Protection Library, a Microsoft Open Source project. It provides various encoding functions for use in web applications. Encoding functions generally take untrusted input and translate it into a format that is suitable for inclusion in output, minimizing the risk of injection attacks such as cross-site scripting (XSS).

Its approach differs from the built-in encoders in the .NET framework in that it uses a safe-list approach, rather than a limited black-list.

The easiest way to install AntiXSS is through its NuGet package:

Install-Package AntiXSS
152 questions
3
votes
4 answers

Script exploits in ASP.NET - Is setting validateRequest="true" good advice?

I was reading about ASP.NET Script Exploits, and one of the suggestions is: (emphasis is mine; and the suggestion is #3 in section "Guarding Against Scripting Exploits" in the web page) If you want your application to accept some HTML (for…
Zabba
3
votes
1 answer

Data URI is double-encoded by AntiXssEncoder

We have an ASP.Net Webforms (.Net 4.7.2) site. We've enabled the built-in XSS protection by adding to web.config: This works fine, apart from in one place: we have some…
KenD
3
votes
1 answer

What is difference between WebUtility.HtmlEncode and AntiXssEncoder.HtmlEncode?

AntiXssEncoder.HtmlEncode has support only for .NET Framework. Can I use WebUtility.HtmlEncode for AntiXSS, as we have our application in .NET Core 2.1?
Agrawal Shraddha
3
votes
1 answer

Avoid XSS attacks on Angular JS

I'm currently editing an existing web application where I need to improve the code to protect it from XSS attacks. I researched it, but most of the articles I saw were for raw HTML, and they also don't give a lot of examples. I was thinking that…
Kent Abrio
3
votes
1 answer

AntiXss library not working well

I am using AntiXssLibrary 4.0 but it is not escaping \x3c. What is my mistake? I have configured AntiXss to be the default HttpEncoder based on http://haacked.com/archive/2010/04/06/using-antixss-as-the-default-encoder-for-asp-net.aspx and set…
CallMeLaNN
3
votes
1 answer

XSS prevention using AntiXss NuGet

I'm trying to prevent cross-site scripting in the backend of my web application. I was researching and I came across the AntiXss NuGet library. I noticed that there has not been a new release for a while. I was just wondering if it is recommended to…
Lurome
3
votes
1 answer

How to use AntiXSS in WebAPI?

I'm not clear on how to use the AntiXSS library in my .Net WebAPI 2 project. I have installed the AntiXSS NuGet package (which gives me v4.3), and have set the encoderType property of httpRuntime in web.config. Which class should I now use to take…
Paul Guz
3
votes
3 answers

How to use Microsoft AntiXss 4.x?

I want to use the new version of the AntiXss library from Microsoft. I downloaded it from the Nuget package but I'm not sure where should I go from here. No documentation is provided for the library and all the articles I find on the Web are old.…
Alireza Noori
3
votes
2 answers

I use AntiXSS but I still can hack page

I don't know if I am doing this right. This is the first time I have built something to prevent attacks on a page. I will start from the bottom: I have a property: public string Description {get;set;} The user can set its value through tinyMCE tinyMCE.init({ …
1110
3
votes
0 answers

AntiXSS HtmlEncode Textarea line break loss

I am developing a web application on ASP.NET and I am getting textarea input from users and later displaying this input on the website. While saving input into the database I am not encoding the input and directly write it into the db. If input contains "enter" I…
Mehmet
2
votes
1 answer

Is the Microsoft AntiXSS library useful and do I need it if I'm using server controls?

I've downloaded and looked at the Microsoft AntiXSS library, but I'm not 100% sure I need to use it for server controls (asp:textbox, etc). Everything is fine when I use it with a standard html control (input, etc). It looks like the output is…
Tim Scarborough
2
votes
1 answer

Once something is HTML or URL encoded should it ever be decoded? Is encoding enough?

First time AntiXSS 4 user here. In order to make my application more secure, I've used Microsoft.Security.Application.Encoder.UrlEncode on QueryString parameters and Microsoft.Security.Application.Encoder.HtmlEncode on a parameter entered into a…
GonzoKnight
2
votes
1 answer

Anti XSS library decode

I am using the Microsoft anti xss library to form security. I am using the HtmlFormUrlEncode method. How can I decode my recorded data? Sample data: mail%40sample.com %c3%96nder
onder
2
votes
0 answers

WebMethod in Asp.Net Prevent Script Injection

Hi, I have a WebMethod in ASP.NET and I call it from a client-side AJAX call. I use the AntiXSS library, HtmlDecode and encode to prevent XSS attacks. But what I want is, can I do it globally? ValidateRequest prevent textbox from antixss in server side but they are…
Bilgehan
2
votes
1 answer

Is the hyphen encoded in LDAP DNs?

I am using the AntiXss nuget package v4.3.0 to encode strings used in LDAP connections and queries. I am finding something that I don't understand: if I call Microsoft.Security.Application.Encoder.LdapDistinguishedNameEncode("test-name") I get the…
Piddu