
Anti-Cross Site Scripting Library (AntiXSS library)

Writing weak code means blindly handing security holes to an attacker; most security problems come from trusting user input too much. One common attack that results from trusting user input is Cross Site Scripting (often abbreviated as XSS). Microsoft created a powerful tool that mitigates XSS risk, called the Anti-Cross Site Scripting Library.

Cross Site Scripting:

Cross Site Scripting (often abbreviated as XSS) occurs when an attacker uses a web application to send or inject malicious code, such as browser script, to a different user. The malicious script executes in that user's browser and can access the user's resources, trusted website data and other critical site information.

Anti-Cross Site Scripting Library:

Anti-XSS helps you protect your current applications from cross-site scripting attacks, and at the same time helps protect your legacy applications through its Security Runtime Engine.

Points to remember with Anti-XSS:

1.  Secure Globalization: Anti-XSS protects against XSS attacks coded in dozens of languages, a feature called Secure Globalization. If your application is available in multiple languages this protection is very important.
2.  Performance: Anti-XSS is written with performance in mind; it provides real-time protection of data with improved performance.
3.  Standards Compliance: Anti-XSS is written to comply with modern web standards. You can protect your web application without adversely affecting its UI.

Code Example using Anti-XSS:

    using Microsoft.Security.Application;   // AntiXss and Sanitizer live in this namespace

    /// <summary>
    /// Returns safe input text and HTML fragments.
    /// Added to help prevent XSS attacks.
    /// </summary>
    public class SafeInputDataForApp
    {
        /// <summary>
        /// To prevent XSS, encodes each input with the Anti-XSS encoder for the
        /// context it will be placed in and returns the encoded values.
        /// </summary>
        public static string[] CheckValidInputs(string url, string htmlInput, string xmlInput, string item)
        {
            return new[]
            {
                AntiXss.UrlEncode(url),                 // value placed in a URL query string
                AntiXss.HtmlAttributeEncode(htmlInput), // value placed inside an HTML attribute
                AntiXss.XmlEncode(xmlInput),            // value placed in XML content
                AntiXss.JavaScriptEncode(item)          // value placed in a JavaScript string literal
            };
        }

        /// <summary>
        /// Returns a sanitized HTML string.
        /// </summary>
        public static string GetSafeHtml(string inputText)
        {
            // I recommend using the line below instead, as it is safer:
            // return Sanitizer.GetSafeHtmlFragment(inputText);
            return AntiXss.GetSafeHtmlFragment(inputText);
        }
    }
 

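The point of the class above is that the encoder must match the output context. The following added example (not code from the original post) takes one constructed untrusted string and shows the encoder to use for each place it might land; it assumes AntiXSS 4.x, where the encoders are exposed as `Microsoft.Security.Application.Encoder` and the sanitizer as `Sanitizer`.

```csharp
// Added example, not from the original post. Assumes AntiXSS 4.x:
// Encoder (AntiXssLibrary.dll) and Sanitizer (HtmlSanitizationLibrary.dll).
using System;
using Microsoft.Security.Application;

public static class ContextualEncodingDemo
{
    // Constructed untrusted input, e.g. a value typed into a profile field.
    private const string Untrusted = "O'Brien <b>\"bold\"</b> & co.";

    // One encoder per output context; each result is safe only in that context.
    public static string ForHtmlBody(string s)      { return Encoder.HtmlEncode(s); }
    public static string ForHtmlAttribute(string s) { return Encoder.HtmlAttributeEncode(s); }
    public static string ForJavaScript(string s)    { return Encoder.JavaScriptEncode(s); } // wraps result in quotes
    public static string ForUrlParameter(string s)  { return Encoder.UrlEncode(s); }
    public static string ForXml(string s)           { return Encoder.XmlEncode(s); }

    // When some HTML must be allowed (rich text), sanitize instead of encoding:
    // known-safe markup is kept, scripts and event handlers are removed.
    public static string AsSafeFragment(string s)   { return Sanitizer.GetSafeHtmlFragment(s); }

    public static void Main()
    {
        // Body text:        <p>...</p>
        Console.WriteLine("<p>" + ForHtmlBody(Untrusted) + "</p>");
        // Attribute value:  <input value="...">
        Console.WriteLine("<input value=\"" + ForHtmlAttribute(Untrusted) + "\">");
        // Script literal:   var name = '...';  (JavaScriptEncode supplies the quotes)
        Console.WriteLine("var name = " + ForJavaScript(Untrusted) + ";");
        // Query string:     /search?q=...
        Console.WriteLine("/search?q=" + ForUrlParameter(Untrusted));
        // XML element:      <name>...</name>
        Console.WriteLine("<name>" + ForXml(Untrusted) + "</name>");
        // Rich text where tags are allowed but active content is stripped.
        Console.WriteLine(AsSafeFragment(Untrusted));
    }
}
```

Using the body encoder for an attribute, or the HTML encoder inside a script block, leaves the input interpretable in that context, so the caller chooses the method by where the value is rendered, not by where it came from.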