Wait for the new version of MS Anti-XSS .... they said it will come soon (maybe before the end of year).
I'm sure there's a lot of new improvements. I suggest you to go on the blog of the team who built that library. To get to that blog, go in the post where the guy say "new version of anti-xss coming soon"
If you need to validate user-entered HTML, there is an IsValidHtmlFragment in the common data project at
http://www.CodePlex.Com/CommonData
Click "Mark as Answer" on the post that helped you.
This earns you a point and marks your thread as Resolved so we will all know you have been helped.
FAQ on the correct forum http://forums.asp.net/p/1337412/2699239.aspx#2699239
1) I blogged about why AntiXss.HTMLEncode() is better than Server.HTMLEncode() a while back, you may check my posting here.
2) & 3) How Anti-XSS library works is that it encodes the un-safe user input to html entity notation so that the encoded text rendered in browser will be XSS safe. For example "<" will be encoded to "<" which will
render as a "less than" sign in browser. You wouldn't need decoding by design. Please check the following posting from my colleague
here which explains quickly how to use the library.
PS. Also keep checking our
team blog for updates on the upcoming release of Anti-XSS Library.
sujithukvl@g...
Member
614 Points
706 Posts
AntiXssLibrary
Oct 23, 2008 12:34 PM|LINK
I found AntiXssLibraryV1.5Installer from go.microsoft.com/fwlink/?LinkId=122628
it seems to be good
1)But can any one show me a case where Server.HtmlEncode fail ?
2)why decode functions are not provided in this library?
3)How can I decode if the data is once encoded using AntiXss
...............................................................
Microsoft.Security.Application.AntiXss.
...............................................................
security
sujithukvl@g...
Member
614 Points
706 Posts
Re: AntiXssLibrary
Nov 13, 2008 04:28 AM|LINK
No one considerd me yet :(
anti-cross
Nordes
Member
12 Points
6 Posts
Re: AntiXssLibrary
Nov 13, 2008 10:34 PM|LINK
Wait for the new version of MS Anti-XSS .... they said it will come soon (maybe before the end of year).
I'm sure there's a lot of new improvements. I suggest you to go on the blog of the team who built that library. To get to that blog, go in the post where the guy say "new version of anti-xss coming soon"
Nordès
Blog: http://nordz.sauleil.com/
TATWORTH
All-Star
72415 Points
14017 Posts
MVP
Re: AntiXssLibrary
Nov 18, 2008 05:06 PM|LINK
If you need to validate user-entered HTML, there is an IsValidHtmlFragment in the common data project at http://www.CodePlex.Com/CommonData
This earns you a point and marks your thread as Resolved so we will all know you have been helped.
FAQ on the correct forum http://forums.asp.net/p/1337412/2699239.aspx#2699239
anilchintala
Member
2 Points
1 Post
Re: AntiXssLibrary
Nov 20, 2008 09:05 AM|LINK
2) & 3) How Anti-XSS library works is that it encodes the un-safe user input to html entity notation so that the encoded text rendered in browser will be XSS safe. For example "<" will be encoded to "<" which will render as a "less than" sign in browser. You wouldn't need decoding by design. Please check the following posting from my colleague here which explains quickly how to use the library.
PS. Also keep checking our team blog for updates on the upcoming release of Anti-XSS Library.
Hope this helps!