Questions tagged [antixsslibrary]

The AntiXSS Library is a .NET assembly provided as part of the Web Protection Library, a Microsoft Open Source project. It provides various encoding functions for use in web applications. Encoding functions generally take un-trusted input and translate it into a format which is suitable for inclusion in output, minimizing the risk of injection attacks such as Cross Site Scripting. Its approach differs from the built-in encoders in the .NET framework in

Its approach differs from the built-in encoders in the .NET framework in that it uses a safe-list approach, rather than a limited black-list.

Installing AntiXSS can most easily be done using its NuGet package:

Install-Package AntiXSS

152 questions

votes

1 answer

How to use AntiXSS but keep output readable?

I'm using Microsoft's AntiXSS library to HtmlEncode content being displayed on a web page. The problem is it encodes more than I want it to. For example it encodes the colon ":". Is there a way to HtmlEncode, but not certain characters? An example…

.net security antixsslibrary

asked Oct 15 '11 at 21:02

dtc

10,136
16
78
104

votes

2 answers

Microsoft Anti XSS Library encoding ampersands?

I am currently using the Microsoft AntiXSS library and using the GetSafeHtmlFragment method as follows: public static string SanitizeHtml(this string s) { return Sanitizer.GetSafeHtmlFragment(s); } However, if I pass in a string like…

c# asp.net-mvc antixsslibrary

asked Oct 11 '11 at 17:02

marcusstarnes

6,393
14
65
112

votes

1 answer

How to mark ampersand and apostrophe safe in AntiXssEncoder?

Same a this question, but my issue is different. I have a string with and & and ' that displaying their reference codes on the webpage. I need to get it to show the original characters, not the codes. AntiXssEncoder.HtmlEncode("Mike's & Sallies…

c# .net html-encode antixsslibrary

asked Dec 02 '21 at 17:07

MARS

votes

0 answers

Xss prevention for php submit

I got this little website where i tryed out some xss attacks. They were succesfull. I just needed to add ?query= behind my URL. I Also can attack my Website with an Image Tag or other Alternatives. Now im trying to…

php html xss antixsslibrary

asked May 14 '21 at 13:30

MrRementer

votes

2 answers

Regex to fix GetSafeHtmlFragment x_ prefix

When using Sanitizer.GetSafeHtmlFragment from Microsoft's AntiXSSLibrary 4.0, I noticed it changes my HTML fragment from:

to:

Sadly their API doesn't allow us to disable…

regex replace antixsslibrary

asked Jul 18 '11 at 19:08

Anon2321

votes

2 answers

Compatibility between Telerik ASP.Net controls and MS AntiXSS library

My questions are hypothetical, but hope I am giving all the info needed to answer them. Are there any known compatibility issues when using Telerik ASP.Net controls and Microsoft Anti XSS library? Will the usage of telerik controls affect the WCAG…

asp.net telerik antixsslibrary

asked Jun 28 '11 at 04:52

Krishna Chytanya

1,398
1
8
12

votes

0 answers

Veracode CWE 80 XSS issue with writing to HttpResponse object in c#

Does anybody have any suggestion as to what code I can add to mitigate a Veracode XSS violation that the following code is producing? else if (fileBytes != null && fileBytes.Length > 0) { string htmlContent =…

veracode antixsslibrary

asked Oct 20 '20 at 18:56

elspoono

votes

1 answer

GetSafeHtmlFragment adds a div tag after an input - Why?

Microsoft.Security.Application.Santizier.GetSafeHtmlFragment("") returns

I assume this is some sort of security feature - why does it do this?

asp.net xss antixsslibrary

asked May 25 '11 at 13:50

Brandon Montgomery

6,924
3
48
71

votes

1 answer

Change password form how to prevent anti-xss

OK This is a basic change password form, how can I sanitize this input? is it safe to use AntiXSS HtmlEncode? I want to make sure that the encoding won't change randomly entered characters what's the best way to do it? please advise

passwords antixsslibrary

asked Apr 19 '11 at 20:59

user714142

votes

1 answer

How to prevent XSS Attacks when rendering an image from an external website

My company will allow customers to post suggestions to our website. This feature is very similar to facebook share link. Our customers will type a URL, we will scrape the site, retrieve the images, description and save the description and the image…

screen-scraping antixsslibrary

asked Apr 18 '11 at 10:33

Fermen

votes

1 answer

string encoded with AntiXssEncoder does not return correct value for Contains " "

I have a string that was encoded with AntiXssEncoder "Some text,\r\n\r0;Another text .\r\n\r\nThird text " I want to replace 0; with
or \n for new line, but when I check if string contains "0;" result in false, Also…

c# html-encode antixsslibrary

asked Jul 08 '19 at 11:37

Alex

8,908
28
103
157

votes

1 answer

How to handle AntiXSSLibrary Globaly in asp.net application?

I want to prevent XSS attack in javascript using AntiXSSLibrary globally. Not able to find it in google. Kindly help. thanks in advance.

xss antixsslibrary

asked Jun 26 '18 at 07:29

Karthikeyan

votes

0 answers

how to mark ampersand and apostrophe safe in AntiXss?

I am currently using the Microsoft AntiXSS library and encoding HTML using HtmlEncode method. According to the documentation, ampersand and apostrophe are not part of the safe list. I want to add them to the safe list. It seems like it is possible…

c# antixsslibrary

asked Mar 09 '18 at 18:28

Mikyas Gami

votes

1 answer

Anti-XSS library - Use with ASP .Net website (vs. web application)?

The results of a security audit revealed that our site may be vulnerable to XSS attacks. Currently the only protection we have against this is by using the default ValidateRequest="true" on all pages. I have been looking into Microsoft's Anti-XSS…

asp.net xss antixsslibrary

asked Dec 02 '10 at 19:00

Jay

1,286
2
11
20

votes

1 answer

Overriding View model to sanitize string

I have created a model binder to sanitize string property from malicious input using AntiXssEncoder.HtmlEncode for us to be able to save encoded string without worrying about XSS. So I have made this work, however, the only problem that I'm having…

c# asp.net asp.net-mvc antixsslibrary

asked Mar 09 '17 at 16:58

rpmansion

1,964
1
9
26

Prev 1 2 3

…

10 11 Next