Microsoft AntiXSS Library
Welcome to the Microsoft AntiXSS Library
Cross-site scripting (XSS) attacks exploit vulnerabilities in web-based applications that fail to properly validate and/or encode input that is embedded in response data. Malicious users can then inject client-side script into the response data, causing the unsuspecting user's browser to execute the script code. The script code appears to originate from a trusted site and may be able to bypass browser protection mechanisms such as security zones.
These attacks are platform- and browser-independent, and can allow malicious users to perform actions such as gaining unauthorized access to client data (for example, cookies) or hijacking sessions entirely.
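The failure described above, shown beside its encoded form, as an added example that is not part of the original page. It assumes the library's `Microsoft.Security.Application.Encoder` class (the AntiXSS 4.x API); `GreetingPage`, `RenderUnsafe` and `RenderEncoded` are hypothetical names, and the input string is constructed. It goes slightly beyond the text by encoding the same value for two output contexts, element content and an attribute value.

```csharp
using System;
using Microsoft.Security.Application; // AntiXSS library (assumed: 4.x Encoder class)

static class GreetingPage
{
    // Vulnerable: untrusted input is concatenated into the response as-is,
    // so any markup it carries becomes part of the page the browser parses.
    public static string RenderUnsafe(string name)
    {
        return "<p>Hello, " + name + "</p>"
             + "<input type=\"text\" name=\"name\" value=\"" + name + "\">";
    }

    // Hardened: the value is encoded for the context it is written into.
    // HtmlEncode covers element content; HtmlAttributeEncode covers a
    // quoted attribute value, where a stray quote would end the attribute.
    public static string RenderEncoded(string name)
    {
        return "<p>Hello, " + Encoder.HtmlEncode(name) + "</p>"
             + "<input type=\"text\" name=\"name\" value=\""
             + Encoder.HtmlAttributeEncode(name) + "\">";
    }

    static void Main()
    {
        // Constructed sample standing in for a request parameter.
        string name = "\"><script>alert(1)</script>";

        string unsafeHtml = RenderUnsafe(name);
        string encodedHtml = RenderEncoded(name);

        Console.WriteLine("Unencoded response:");
        Console.WriteLine(unsafeHtml);
        Console.WriteLine();
        Console.WriteLine("Encoded response:");
        Console.WriteLine(encodedHtml);
        Console.WriteLine();

        // The unencoded response contains a live script element;
        // the encoded one carries the same characters as inert text.
        Console.WriteLine("script element in unencoded response: "
            + unsafeHtml.Contains("<script>"));
        Console.WriteLine("script element in encoded response:   "
            + encodedHtml.Contains("<script>"));
    }
}
```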