Questions tagged [antixsslibrary]

The AntiXSS Library is a .NET assembly provided as part of the Web Protection Library, a Microsoft Open Source project. It provides various encoding functions for use in web applications. Encoding functions generally take un-trusted input and translate it into a format which is suitable for inclusion in output, minimizing the risk of injection attacks such as Cross Site Scripting. Its approach differs from the built-in encoders in the .NET framework in

Its approach differs from the built-in encoders in the .NET framework in that it uses a safe-list approach, rather than a limited black-list.

Installing AntiXSS can most easily be done using its NuGet package:

Install-Package AntiXSS

152 questions

vote

1 answer

Sanitise text input for display on HTML page

Have built a chat program for our website. A part of tHe program does allow a web page comment area for chatting about the page. So there is a text input so text is entered and redisplayed on the page. Obviously that is potentially risky. So in…

c# antixsslibrary sanitization client-side-attacks

asked Jan 24 '18 at 09:00

wingyip

3,465
2
34
52

vote

1 answer

Problem with encoding using AntiXss library

I am using AntiXss library 4.0 for encoding text before displaying on the asp page. This is the asp code. In the PageLoad I am…

asp.net encoding antixsslibrary

asked Jan 28 '11 at 10:47

Ashwani K

7,880
19
63
102

vote

0 answers

Using AntiXss methods in C# - .Net4.5

I have a few questions regarding how to use AntiXss in my .Net project (not an MVC project. Traditional .Net project and contains .aspx and .ascx web pages). 1) Is my following approach correct :- My initial code in aspx.cs file (without AntiXss)…

c# encoding .net-4.5 xss antixsslibrary

asked Jun 20 '17 at 12:18

Mr.Human

vote

2 answers

Trying to block malicious XSS script being executed through the URL

I'm working on a .NET 4.5 web application(non-MVC) which contains numerous modules. While testing, I found out that my application is vulnerable to Reflected Cross Site Scripting attacks. For instance this is what my sample URL would look like…

c# asp.net .net-4.5 xss antixsslibrary

asked Apr 24 '17 at 05:36

Mr.Human

vote

2 answers

JavaScript library or Esapi preventing XSS - Escape and Encode untrusted data

I am working on some one page apps coded in JavaScript that currently use lodash. I would like to prevent Cross Site Scripting (XSS) using a standard library by: 1) Escaping all untrusted content 2) Encoding output depending on its destination …

javascript encoding xss esapi antixsslibrary

asked Jan 02 '17 at 22:50

MikeyB_Leeds

vote

1 answer

How to get Microsoft's AntiXss library to URLEncode to the URI standard (RFC3986) instead of an IRI (RFC3987)?

I'm using the Microsoft AntiXss 3.1 library. We have a number of international sites which use non-Latin scripts. We're using SEO-friendly URL's, so we have non-ASCII characters that end up in the URL. AntiXss.UrlEncode (at least in 3.1) treats…

utf-8 urlencode seo antixsslibrary

asked Oct 24 '10 at 04:12

Reed Rector

vote

2 answers

How vunerable to XSS attacks is Flash?

The reason why I ask is that I'm telling a vendor of ours they have to use the MS AntiXSS library with the ASP.NET UI components they make, but they also work with Flex to build Flash based UIs - and I was wondering if there's an equivalent for…

apache-flex flash xss security antixsslibrary

asked Oct 07 '10 at 21:30

Adrian K

9,880
3
33
59

vote

1 answer

How to handle XSS in a url query string in asp.net 3.5 using C#

I'm current trying to secure my site from XSS attacks in the Url. For example if the attacker is using Firefox they can do the following myxsssite.com/mypage.aspx?d">