Questions tagged [antixsslibrary]

The AntiXSS Library is a .NET assembly provided as part of the Web Protection Library, a Microsoft Open Source project. It provides various encoding functions for use in web applications. Encoding functions generally take un-trusted input and translate it into a format which is suitable for inclusion in output, minimizing the risk of injection attacks such as Cross Site Scripting.

Its approach differs from the built-in encoders in the .NET framework in that it uses a safe-list approach, rather than a limited black-list.

Installing AntiXSS can most easily be done using its NuGet package:

Install-Package AntiXSS

152 questions
0
votes
1 answer

XSS Attack prevention in C#

I've a Web API project which is consumed by an MVC project. The MVC project has a fair amount of user inputs which are displayed as output on the web page. Now, I want to protect my site from XSS attacks. I've read about Microsoft's AntiXss…
0
votes
0 answers

MVC antixss not working

I am trying to implement antiXSS as in the example http://www.c-sharpcorner.com/UploadFile/abhikumarvatsa/avoiding-cross-site-scripting-xss-attacks-with-antixss-in/ Can anybody figure out what I am missing here? It didn't happen as expected. This…
0
votes
1 answer

Looking for Anti-XSS or Web-base html malware scan API

Any tool/API allows to scan Anti-XSS codes/scripting? Not MS Anti-XSS scans the codes but not specify what kind of thread(s). In other words, the API only needs to scan the codes/script and provide the level of threads.
Morgan Scott
  • 21
  • 1
  • 3
0
votes
0 answers

AntiSamy XSS validation not working for JavaScript

I tried applying
style="x:"> string to attack, but it was not blocked by antisamy library. Does anyone know why it's not prevented against Antisamy library?
0
votes
1 answer

AntiXss.HtmlEncode warning: This method has been deprecated. Please use Encoder.HtmlEncode() instead

I'm trying to use Microsoft AntiXss.HtmlEncode while merging HTML tags with server-side scripting. Default.aspx

Default.aspx.cs litHeader.Text =…
l Lamas
  • 73
  • 1
  • 9
0
votes
1 answer

Server.HtmlEncode vs Encoder.HtmlEncode

I have the below code in my MVC application. text = Server.HtmlEncode(text); text=Encoder.HtmlEncode(text); what is the difference will do if I use AntiXSS library here? I passed the value to the variable text…
Tom Cruise
  • 1,395
  • 11
  • 30
  • 58
0
votes
1 answer

VS 2008 crashes after Anti-XSS added

Hello, I'm using Visual Studio 2008 with ASP.NET MVC 2. I need the anti-XSS library to sanitize an input which is generated by a rich text editor (lightweight RTE). I want to use the AntiXss.GetSafeHtmlFragment(input); function. The problem is that VS 2008…
Gidon
  • 537
  • 2
  • 6
  • 18
0
votes
2 answers

Anti XSS support in ASP.net Vs AntiXss Lib

How does the XSS (Cross Site Scripting) support provided by ASP.NET differ from AntiXss? AntiXss is a Microsoft library for securing your site against XSS. Both APIs look almost similar and it looks like they can easily be switched from one to…
Anand Patel
  • 6,031
  • 11
  • 48
  • 67
0
votes
0 answers

ASP.NET webforms action a xss threat?

I am currently working on locking down an application that is reporting XSS vulnerabilities for a website. The site is built for ASP.NET 2.0, but has been upgraded to function within the ASP.NET 4.0 libraries. I have scanned the site with a security…
0
votes
5 answers

How to handle encoded inputs that need to be edited?

Using Microsoft's AntiXssLibrary, how do you handle input that needs to be edited later? For example: User enters: title Saved to the database as: title On an edit page, in a text box it displays something like: …
dtc
  • 10,136
  • 16
  • 78
  • 104
0
votes
1 answer

Confirm that antixss is actually being used when set as the default encoder in asp.net

We want to encode data sent to browsers to help prevent XSS in an ASP.NET 4 application. Microsoft's AntiXSS software is attractive as it uses a white-list as opposed to a black-list approach. Unfortunately, the APIs are different between the…
mikebk
  • 95
  • 7
0
votes
1 answer

Input "placeholder" attribute no longer working in IE when using AntiXssEncoder

I am unable to see the placeholder values on input elements when the input is empty and deselected. The input elements:
Sjeijoet
  • 741
  • 4
  • 20
0
votes
1 answer

Accepted list approach explain AntiXSS

On one of the sites I found this statement in an article: The AntiXSS Library takes an accepted-list approach, whereas the .NET Framework takes a blocked-list approach. Please explain to me what it means: accepted-list approach and blocked-list…
Take
  • 1
  • 1
0
votes
1 answer

Json.Net Wrapper to prevent Xss attack

I need to add some XSS protection in an application's MVC views, that are currently using Json.Net and JavaScript widgets. The ViewModels are extremely big and complex, so I can't use the Microsoft AntiXss library to javascriptEncode properties, so I…
mflair2000
  • 315
  • 3
  • 13
0
votes
2 answers

Strange results when using AntiXss.HtmlEncode

I am trying to limit XSS attacks to a site, and am using the AntiXss Library to encode any untrusted strings before including in the response. AntiXssEncoder.HtmlEncode(_Title, False) My database value looks like this - If There's a Fire, which…
DavidB
  • 2,566
  • 3
  • 33
  • 63