Microsoft.Security.Application Namespace

Microsoft AntiXSS Library

Collapse imageExpand ImageCopy imageCopyHover image
The Microsoft Anti-Cross Site Scripting Library is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks. It differs from most encoding libraries in that it uses the white-listing technique -- sometimes referred to as the principle of inclusions -- to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters, and encodes anything outside this set (invalid characters or potential attacks). The white-listing approach provides several advantages over other encoding schemes.

Classes

  ClassDescription
Public classEncoder
Performs encoding of input strings to provide protection against Cross-Site Scripting (XSS) attacks and LDAP injection attacks in various contexts.
Public classSanitizer
Sanitizes input HTML to make it safe to be displayed on a browser by removing potentially dangerous tags.
Public classUnicodeCharacterEncoder
Provides HTML encoding methods.

Enumerations

  EnumerationDescription
Public enumerationLowerCodeCharts
Values for the lowest section of the UTF8 Unicode code tables, from U0000 to U0FFF.
Public enumerationLowerMidCodeCharts
Values for the lower-mid section of the UTF8 Unicode code tables, from U1000 to U1EFF.
Public enumerationMidCodeCharts
Values for the middle section of the UTF8 Unicode code tables, from U1F00 to U2DDF
Public enumerationUpperCodeCharts
Values for the upper section of the UTF8 Unicode code tables, from UA8E0 to UFFFD
Public enumerationUpperMidCodeCharts
Values for the upper middle section of the UTF8 Unicode code tables, from U2DE0 to UA8DF