Commented Unassigned: Sanitizer.GetSafeHtmlFragment() doesn't work correctly...
Sanitizer.GetSafeHtmlFragment('м') returns "&# 1084;" Seems that problem is in this class Microsoft.Exchange.Data.TextConverters.HtmlWriter# bool IFallback.IsUnsafeUnicode(char ch, bool isFirstChar){...
New Post: How to use in WebAPI 2?
Hi, It's not clear which classes are overridden by AntiXSS in relation to .Net WebAPI 2. Should I use HttpUtility? Paul
New Post: How to use in WebAPI 2?
WebAPI doesn't (generally) spit out HTML, so there's no actual need for encoding.
New Post: How to use in WebAPI 2?
I'm using WebAPI to serve a Single Page Application. I want to encode all values that are contained in the models using HTML, URL and JavaScript encoding where appropriate. My understanding is that all...
New Post: How to use in WebAPI 2?
That's not how you should be doing it. Models should contain data. The data is then inserted into existing or newly created elements by the calling javascript. When done like this there's no need for...
New Post: AntiXSS Module
Hi, I am working with a legacy .Net framework 3.5 framework based application, and we would like to use AntiXSS http module but I am not finding this anywhere, I think new WebProtection library...
Updated Wiki: Home
Download from nuget or the Microsoft Download Center. AntiXSS: AntiXSS provides a myriad of encoding functions for user input, including HTML, HTML attributes, XML, CSS and JavaScript. White Lists:...
New Post: AntiXSS Module
There is no new Web Protection Library. It is now available as a piece of sample code, an exercise in http request interception. However we strongly recommend fixing the underlying application rather...
Created Unassigned: HTMLEditorExtender Sanitizer [21827]
Updated AjaxControlToolkit to 15.1.1.100 and HTMLEditor.Sanitizer to 15.1.1.100 also. I see them in my project References. My program loads the TextBox with my HTML code and it is displayed fine. VB...
Commented Unassigned: HTMLEditorExtender Sanitizer [21827]
Updated AjaxControlToolkit to 15.1.1.100 and HTMLEditor.Sanitizer to 15.1.1.100 also. I see them in my project References. My program loads the TextBox with my HTML code and it is displayed fine. VB...
Updated Wiki: Home
AntiXSS is now End of Life. In .NET 4.0 a version of AntiXSS was included in the framework and could be enabled via configuration. In ASP.NET v5 a white list based encoder will be the only encoder. As...
New Post: Cross site scripting reflected in mvc
Hi, I have a software security problem in my mvc application reported as "Cross Site Scripting : Reflected". The below code is the sample scenario used in controller. Line 1: public JsonResult...
New Post: Cross site scripting reflected in mvc
This is a question for an MVC forum, where you would find this is by design. JSON is meant for browser javascript based manipulation, where adding via the InnerText property or via JQuery would perform...
Updated Wiki: Home
AntiXSS is now End of Life. In .NET 4.0 a version of AntiXSS was included in the framework and could be enabled via configuration. In ASP.NET v5 a white list based encoder will be the only encoder. As...
New Post: LDAP support
Is LDAP encoding support also "merged into the .NET framework in v4.0"? I took the advice of bdorrans from the home page ("We recommend you use the bundled version") and googled pretty hard to find...
New Post: AntiXssEncoder Missing JavaScriptStringEncode
I'm looking at using AntiXssEncoder as my default encoder but I noticed it isn't overriding JavaScriptStringEncode(). Is there a reason for this? I would have assumed that AntiXss'...
New Post: Problem!
You can grab it and install it through NuGet. Like this: AntiXSS is an encoding library which uses a safe list approach to encoding. It provides Html, XML, Url, Form, LDAP, CSS, JScript and VBScript...
Commented Unassigned: where does this install to? [21668]
Hi. The installer and the instructions amazingly do not tell me where this will install. Is this so secure, that we are not able to find it? If I have to go to the GAC to get this, then that is an...