Home
ASP.NET Forums » Microsoft Downloads » Anti-Cross Site Scripting Library » Why should I use Anti-Cross Site Scripting Library instead of HtmlEncode?

Why should I use Anti-Cross Site Scripting Library instead of HtmlEncode?

Last post 06-19-2007 10:40 AM by naturehermit. 3 replies.

Sort Posts:

  • Why should I use Anti-Cross Site Scripting Library instead of HtmlEncode?

    05-06-2007, 4:05 PM
    • Loading...
    • rusgelin
    • Joined on 05-06-2007, 8:00 PM
    • Posts 1

    In the FAQ of information page , you explain why someone use Anti-Cross Site Scripting Library but I really do not understand why?. We always use HTMLENCODE?

     

  • Re: Why should I use Anti-Cross Site Scripting Library instead of HtmlEncode?

    05-06-2007, 4:39 PM
    • Loading...
    • TATWORTH
    • Joined on 02-04-2003, 8:34 AM
    • England
    • Posts 6,552
    In you posting, why not cite the URL of the FAQ page - this would help everybody follow what you are saying.
    Don't forget to click "Mark as Answer" on the post that helped you.
    This credits that member, earns you a point and marks your thread as Resolved so we will all know you have been helped.

  • Re: Why should I use Anti-Cross Site Scripting Library instead of HtmlEncode?

    05-26-2007, 7:22 AM
    • Loading...
    • e_screw
    • Joined on 10-20-2004, 1:22 PM
    • Women, Guitar, Russia, Billiards, Nature, .NET
    • Posts 3,852

    The Microsoft Anti-Cross Site Scripting Library differs from HTMLEncode method in that it uses the principle of inclusions technique, which first defines a set of valid characters so that anything outside that set is automatically encoded.

    Thanks

    Mark post(s) as "Answer" that helped you

    Electronic Screw
    Website||Blog||Dub@i.net

  • Re: Why should I use Anti-Cross Site Scripting Library instead of HtmlEncode?

    06-19-2007, 10:40 AM

    Ok Anti-Cross Site scripting library is used as an additional security measure to beef up the website security. It also involved generating a risk matrix and then working out set of valid parameters.

     

    Read about it here with clear examples. Remember you can still use HTMLEncode...

     

    http://msdn2.microsoft.com/en-us/library/aa973813.aspx

    Please Mark Post that helped you as answer, also include a summary of what solved the problem as it helps others in similar situations
Page 1 of 1 (4 items)
RSS Available

Advertise on ASP.NET

About this Site

Microsoft Communities
Page view counter