Questions tagged [antixsslibrary]

The AntiXSS Library is a .NET assembly provided as part of the Web Protection Library, a Microsoft Open Source project. It provides various encoding functions for use in web applications. Encoding functions generally take un-trusted input and translate it into a format which is suitable for inclusion in output, minimizing the risk of injection attacks such as Cross Site Scripting.

Its approach differs from the built-in encoders in the .NET framework in that it uses a safe-list approach, rather than a limited black-list.

Installing AntiXSS can most easily be done using its NuGet package:

Install-Package AntiXSS
152 questions
2
votes
1 answer

How to use AntiXss with a Web API

This is a question that has been asked before, but I've not found the information I'm looking for or maybe I'm just missing the point so please bear with me. I can always adjust my question if I'm asking it the wrong way. If for example, I have a…
Thierry
  • 6,142
  • 13
  • 66
  • 117
2
votes
2 answers

How to use Microsoft's WPL / Anti-XSS as default HTTPEncoder?

I want to use Microsoft's WPL AntiXSS Library as default HTTPEncoder as described at haacked but this documentation is for WPL 3.1 and I've read that there is a change regarding HTTPEncoder with latest WPL 4.0. What is the best way to implement it so…
K232
  • 1,040
  • 14
  • 36
2
votes
1 answer

ASP.NET 4 MetaKeywords and MetaDescription being Encoded

I'm using the ASP.NET 4 MetaKeywords and MetaDescription on every page to set the appropriate meta tags. I also use the Anti XSS Library as the default encoder in the application. The tags end up being rendered like:
Druid
  • 6,423
  • 4
  • 41
  • 56
2
votes
0 answers

Manually validating the values using data annotations

I have a model something like this. public class Feedback { public string FeedbackType { get; set; } [AntiXss] public string FeedbackMessage { get; set; } } For example, When I post the below message from FE using a 'TextArea' field Hello (This is…
Ankur Arora
  • 194
  • 3
  • 15
2
votes
0 answers

Sanitize xml string using AntiXss library

I tried to sanitize the below mentioned xml string using AntiXss library:
santosh kumar patro
  • 7,231
  • 22
  • 71
  • 143
2
votes
0 answers

Which Library Does <%#: Use?

I have an asp.net 4.6.1 site and I need to use htmlencoding on some values. If I use the new (as of .NET 4.5) automatic html databinding encoding expression, <%#: to html encode my values, what library will it use? Server.htmlencode or…
Chris
  • 320
  • 3
  • 14
2
votes
3 answers

IE8 window.open name - doesn't like JavaScript encoding?

I'm calling window.open() like this: window.open('blank.html', 'New_Window\x3a_Jamie', 'width=800,height=800'); What I've done in the code is taken the window's name and JavaScript encoded it using the Microsoft Web Protection library. I'm also…
2
votes
2 answers

Which Anti-XSS library should I use? Microsoft XSS 4.0, Web Protection Library on Codeplex, or other?

Seems like Microsoft updated the Anti XSS library today: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=f4cd231b-7e06-445b-bec7-343e5884e651 In addition there is a new release of the Web Protection Library http://wpl.codeplex.com/ Are…
makerofthings7
  • 60,103
  • 53
  • 215
  • 448
2
votes
1 answer

AntiXss.UrlEncode vs. AntiXss.HtmlAttributeEncode usage in link (a href)

According to old AntiXss article on MSDN AntiXss.UrlEncode is used to encode link href (Untrusted-input in the following example): Click Here! My understanding was, that UrlEncode…
Tero
  • 272
  • 2
  • 7
2
votes
0 answers

angularjs sanitize not work properly with ng-model

I use AntiXss Encoder on serverside for XSS attacks so all response includes html unescape characters like "<:script>:alert(1);<:/script>:" (replaced ';' as ':') on binding I use sanitize with ng-bind-html there is no problem with that. There…
2
votes
4 answers

Preventing XSS Attack on Form

All: I have an issue with a project I am working on using C# MVC4 In the project, I am accepting a URL and other parameters from a user, then do some processing and send the result of the processing to the URL provided by the user. The result is…
Sulaiman Adeeyo
  • 485
  • 6
  • 19
2
votes
1 answer

XSS in angularjs app and web api 2

I have a web application. I am using Angularjs and Web Api2. I have a simple form where user can insert some free text that will be sent via email to other people. The text is also saved on db and later can be shown in a web site page. I knew I…
Simone
  • 2,304
  • 6
  • 30
  • 79
2
votes
2 answers

Unable to use encoded/escaped CSS values with Firefox

According to OWASP recommendations, CSS values from an untrusted source should be escaped. Link to OWASP cheat sheet:…
Uber Schnoz
  • 140
  • 1
  • 5
2
votes
0 answers

Adding Farsi characters to AntiXSS library

I'm using the AntiXSS as the default engine for my Asp.Net MVC website. The problem is, it encodes Farsi characters like "راهنما". I'm not an expert in security but I think these characters are fine and won't cause a problem for my website. I was…
Alireza Noori
  • 14,961
  • 30
  • 95
  • 179
2
votes
1 answer

AntiXSS JavaScriptEncode gets HTML encoded?

I've just started using AntiXSS (4.3.0), mostly to use @Encoder.JavaScriptEncode as described here. I installed AntiXSS from Nuget, then added encoderType="Microsoft.Security.Application.AntiXssEncoder, AntiXssLibrary" to
MatthewSot
  • 3,516
  • 5
  • 39
  • 58