Questions tagged [antixsslibrary]

The AntiXSS Library is a .NET assembly provided as part of the Web Protection Library, a Microsoft Open Source project. It provides various encoding functions for use in web applications. Encoding functions generally take un-trusted input and translate it into a format which is suitable for inclusion in output, minimizing the risk of injection attacks such as Cross Site Scripting.

Its approach differs from the built-in encoders in the .NET framework in that it uses a safe-list approach, rather than a limited black-list.

Installing AntiXSS can most easily be done using its NuGet package:

Install-Package AntiXSS
152 questions
2 votes, 1 answer

Should I encode data before making jQuery ajax call?

In my ASP.NET MVC 5 app, I'm reading some data from a form then making a jQuery ajax call to an action method in the backend to save it into my database. In the form, if I enter some text with HTML tags in it, I'm getting an error because of the…
Sam
2 votes, 2 answers

XSS - SQL Injection -- Owasp vs AntiXss Vs Microsoft Anti-Cross Site Scripting Library

We are looking at using a library to help us detect SQL injections. We are using sprocs and parametrized statements, but for the sake of this post that we are only using some sort of library that detects/verifies user input. What's the best…
Brad8118
2 votes, 2 answers

JavaScriptEncode doesn't look right

I need to encode some javascript on the server side that is getting injected into the html. I'm using Microsoft.Security.Application.Encoder.JavaScriptEncode() but it ends up looking like this from view source: 'var DesignTheme \x3d…
Induster
2 votes, 1 answer

How do you prevent AntiXssEncoder sending numeric character reference of "Carriage Return" "Line Feed"?

The ASP.NET markup with the AntiXssEncoder First Line Second Line renders as:
user1069816
2 votes, 0 answers

Microsoft's latest anti XSS Library for asp.net - 4.2.1 - Problems and Alternatives(?)

I have a problem using their latest WPL v 4.2.1. The stripping of suspect HTML, JavaScript and styling is so aggressive it strips out ALL the CSS. I understand that CSS can be easily used to inject malicious JavaScript using URL references, but…
JohnSM
1 vote, 1 answer

Microsoft Web Protection Library doesn't encode XSS on ASP.NET 4.0 Webforms gridview

I've got an ASP.NET 4.0 webforms app that uses some gridviews. I'm trying to get the MS Web Protection Library to correctly encode data in the gridview so that it protects against cross-site-scripting issues. I've added v4.2.1 of the WPL library via…
growse
1 vote, 2 answers

Is there a minimum-trust equivalent of the Web Protection Library (Anti-XSS)?

I am working on a project that requires some HTML sanitization. Normally, I would turn to the Microsoft Web Protection Library; however, in this case, I am developing an application running in minimal trust. Part of the WPL requires medium trust,…
kbrimington
1 vote, 2 answers

Microsoft AntiXSS WPL using in ASP.NET MVC3 application

As far as I know ASP.NET MVC3 is quite secure, but are there any places I can use the Microsoft AntiXSS library there to get more security? http://wpl.codeplex.com/ How can I find any places inside my application where I may use this? Maybe someone…
jason
1 vote, 1 answer

EncoderType AntiXssEncoder is conflicting with DevExpress control

DevExpress control ASPxComboBox is returning -1 as selected index when encoderType is given in web.config. Here is my DevExpress control:
1 vote, 1 answer

XSS Vulnerability found in RowCommand function with e.CommandArgument

I'm using Checkmarx to scan a web application and I have noticed a lot of threats are found every time I use e.CommandArgument in a RowCommand function. Example: Protected Sub gvwModifySend_RowCommand(ByVal sender As Object, ByVal e As…
Arn.adg
1 vote, 1 answer

Javascript Rich Text Editor and associated class to filter and clean the input?

I realise there are several rich text editors for jQuery but I cannot find any that have an associated class that does the filtering and cleaning required to accept the input into a database. Does such a class exist? I am particularly interested for…
Jon Winstanley
1 vote, 4 answers

Are there any anti-XSS libraries for ASP.Net?

I was reading some questions trying to find a good solution to preventing XSS in user-provided URLs (which get turned into a link). I've found one for PHP but I can't seem to find anything for .Net. To be clear, all I want is a library which will…
Earlz
1 vote, 1 answer

Antixss for Kendo Grid

Controller.cs ViewData["Applications"] = await _applicationClient.GetAll(); view.cshtml @(Html.Kendo().Grid () .Columns(columns => {columns.ForeignKey(r => r.ApplicationId,…
1 vote, 1 answer

Why does MS anti xss library (v4) remove HTML5 data attributes

AntiXss library seems to strip out HTML5 data attributes, does anyone know why? I need to retain this input: The…
Haroon