If you are using ASP.NET, the Microsoft Anti-XSS library is valuable for tackling cross-site scripting issues. The latest version can be found at:
http://antixss.codeplex.com/
There is some documentation at
http://msdn.microsoft.com/en-
It also comes with a new sanitization function for including "safe" HTML in your output.
http://blogs.msdn.com/
Lots of people ask the same question: "Why don't we just use HttpUtility.HtmlEncode?" The differences between AntiXss.HtmlEncode and HttpUtility.HtmlEncode are:
- AntiXss.HtmlEncode uses a white-list approach, while HttpUtility.HtmlEncode uses a black list
- AntiXss.HtmlEncode supports more languages
- AntiXss.HtmlEncode is designed to defeat XSS, while HttpUtility.HtmlEncode is designed to generate safe HTML.
- Performance difference.
The details can be found at http://blogs.msdn.com/