Microsoft AntiXSS Library |
Microsoft.Security.Application Namespace |
The Microsoft Anti-Cross Site Scripting Library is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks. It differs from most encoding libraries in that it uses the white-listing technique -- sometimes referred to as the principle of inclusions -- to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters, and encodes anything outside this set (invalid characters or potential attacks). The white-listing approach provides several advantages over other encoding schemes.
Classes
Class | Description | |
---|---|---|
Encoder |
Performs encoding of input strings to provide protection against
Cross-Site Scripting (XSS) attacks and LDAP injection attacks in
various contexts.
| |
Sanitizer |
Sanitizes input HTML to make it safe to be displayed on a
browser by removing potentially dangerous tags.
| |
UnicodeCharacterEncoder |
Provides HTML encoding methods.
|
Enumerations
Enumeration | Description | |
---|---|---|
LowerCodeCharts |
Values for the lowest section of the UTF8 Unicode code tables, from U0000 to U0FFF.
| |
LowerMidCodeCharts |
Values for the lower-mid section of the UTF8 Unicode code tables, from U1000 to U1EFF.
| |
MidCodeCharts |
Values for the middle section of the UTF8 Unicode code tables, from U1F00 to U2DDF
| |
UpperCodeCharts |
Values for the upper section of the UTF8 Unicode code tables, from UA8E0 to UFFFD
| |
UpperMidCodeCharts |
Values for the upper middle section of the UTF8 Unicode code tables, from U2DE0 to UA8DF
|