Last post Jun 14, 2010 07:57 AM by Jerry Weng - MSFT
Jun 10, 2010 11:19 AM|XPaul42|LINK
I'm trying to see what is the best way to include some protection against XSS in a web app but it needs to be easy for the developer!
Let me explain. I'm going to provide a library for the developers which will include the security controls. I'm thinking I have two choices:
1) Include some HTML encoding functions in that library e.g. AntiXSS and let the developer call the function every time he needs to output something
2) Create a new write method
The writesecure method would then call the appropriate functions and it would be transparent to the developer.
Additionally, I can write some easy code analyis scripts that will identify the use of the standard Write method...
Do you see any inconvenience witht the latter method? Does it have any kind of security issues?
security XSS architecture
Jun 10, 2010 02:27 PM|chintanpshah|LINK
Why are you re-inventing wheel when Microsoft has already coded this for you:
Jun 10, 2010 07:25 PM|XPaul42|LINK
Jun 14, 2010 07:57 AM|Jerry Weng - MSFT|LINK
For this issue, I think we need to discuss here: