antixsslibrary

ASP.NET MVC 2 - AntiXSS vs Built In MVC Encoding

Now that MVC has introduced HTML Encoding via <%: blah %> is there still value in using <%= AntiXSS.HTMLEncode(blah) %> instead? For example: My application will take all content in (including JavaScript) and store it in its raw state in the database. I was planning on simply outputting everything using something like <%: m...

Anti XSS support in ASP.net Vs AntiXss Lib

How does the XSS (Cross Site Scripting) support provided by ASP.net differ from AntiXss? AntiXss is a Microsoft library for securing your site against XSS. Both APIs look almost similar, and it looks like they can easily be switched from one to another by doing find and replace in your code files. Which one provides more security against XS...

VS 2008 crashes after Anti-XSS added

Hello, I'm using Visual Studio 2008 with ASP.NET MVC 2. I need the Anti-XSS library to sanitize an input which is generated by a rich text editor (lightweight RTE). I want to use the AntiXss.GetSafeHtmlFragment(input); function. The problem is that VS 2008 crashes after I reference the Anti-XSS DLL (it works fine the first time but then it crashe...

AntiXss.UrlEncode vs. AntiXss.HtmlAttributeEncode usage in link (a href)

According to an old AntiXss article on MSDN, AntiXss.UrlEncode is used to encode link href (Untrusted-input in the following example): <a href="http://search.msn.com/results.aspx?q=[Untrusted-input]">Click Here!</a> My understanding was that UrlEncode should be used only when setting something to URL, like when setting document.locati...

Microsoft AntiXSS - Is there a need to Decode?

The HttpUtility class provides for both encoding and decoding. But, when I use the MS AntiXSS 3.1 Library I have a set of methods only for encoding, does this mean decoding can be avoided? For example Before applying AntiXSS: lblName.Text = "ABC" + "<script> alert('Inject'); </script"; After applying AntiXSS: lblName.Text = AntiXSS...

Which Anti-XSS library should I use? Microsoft XSS 4.0, Web Protection Library on Codeplex, or other?

Seems like Microsoft updated the Anti XSS library today: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=f4cd231b-7e06-445b-bec7-343e5884e651 In addition there is a new release of the Web Protection Library http://wpl.codeplex.com/ Are these two downloads the same thing? What XSS library should I be using? Are there ot...

How vulnerable to XSS attacks is Flash?

The reason why I ask is that I'm telling a vendor of ours they have to use the MS AntiXSS library with the ASP.NET UI components they make, but they also work with Flex to build Flash-based UIs - and I was wondering if there's an equivalent for Flash (assuming it's vulnerable). ...

How to get Microsoft's AntiXss library to URLEncode to the URI standard (RFC3986) instead of an IRI (RFC3987)?

I'm using the Microsoft AntiXss 3.1 library. We have a number of international sites which use non-Latin scripts. We're using SEO-friendly URLs, so we have non-ASCII characters that end up in the URL. AntiXss.UrlEncode (at least in 3.1) treats "international characters" as safe, so we end up with an IRI instead of a URI: http://somesi...