Stop JavaScript Injection Attacks in ASP.NET - Microsoft Anti-Cross Site Scripting Library 3.1

Filed: .NET Developer Tools

There is an update to the Microsoft Anti-Cross Site Scripting Library that was released the other day. We are now up to version 3.1, and the new library includes two new methods to help you sanitize your input of malicious scripts before outputting the results to the browser:

  • GetSafeHtml
  • GetSafeHtmlFragment

I was confused as to the difference between the two methods, so I gave them a spin.

When you use GetSafeHtml, it will add any missing tags, like the html and body tags, around the contents if they are missing. GetSafeHtmlFragment will just sanitize the input and display the results as HTML and not add any missing tags.
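The difference described above can be checked with a small console program. This is an added example, not code from the original post: it assumes a project reference to AntiXssLibrary.dll version 3.1, the class name `SafeHtmlDemo` is hypothetical, and the input string is a constructed sample.

```csharp
using System;
using Microsoft.Security.Application; // AntiXssLibrary.dll, version 3.1 (assumed reference)

static class SafeHtmlDemo
{
    // Constructed sample: user-supplied markup carrying a script block
    // and an inline event handler alongside harmless formatting.
    const string Untrusted =
        "<p onclick=\"alert(1)\">Hello <b>world</b></p><script>alert(1)</script>";

    static void Main()
    {
        // Whole-document form: use when the sanitized result is served
        // as a page of its own.
        string document = AntiXss.GetSafeHtml(Untrusted);

        // Fragment form: use when the sanitized result is embedded in a
        // page that already has its own html and body tags.
        string fragment = AntiXss.GetSafeHtmlFragment(Untrusted);

        Report("GetSafeHtml", document);
        Report("GetSafeHtmlFragment", fragment);
    }

    // Prints what survived sanitization so the two outputs can be compared.
    static void Report(string name, string output)
    {
        bool hasWrapper = Contains(output, "<html");
        bool hasScript = Contains(output, "<script");
        bool hasHandler = Contains(output, "onclick");

        Console.WriteLine("{0}: html wrapper={1}, script tag={2}, onclick={3}",
            name, hasWrapper, hasScript, hasHandler);
        Console.WriteLine(output);
        Console.WriteLine();
    }

    static bool Contains(string haystack, string needle)
    {
        return haystack.IndexOf(needle, StringComparison.OrdinalIgnoreCase) >= 0;
    }
}
```

Use the fragment form when writing user content into an existing page (for example into a Literal control), since wrapping it in a second set of html and body tags would produce invalid nesting.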

Pretty useful.

You can download it here.

David Hayden

posted on Saturday, September 19, 2009 10:52 AM
