code means blindly providing security holes to attackers; most security problems
come from trusting user input data too much. One common attack that results from
trusting user input is Cross Site Scripting (often abbreviated as XSS).
Microsoft created a powerful tool that mitigates XSS risks, called the Anti-Cross Site
Scripting Library.
Cross Site Scripting:
Cross Site Scripting (often abbreviated as XSS) occurs when an attacker uses a web application to send or
inject malicious code, such as browser script, to a different user. This malicious script executes and accesses user resources,
trusted website data, and critical website information.
Anti-Cross Site Scripting Library:
The library helps you protect your current applications from cross-site scripting
attacks, while also helping you protect your legacy applications with
its Security Runtime Engine.
Points to remember with Anti-XSS:
1. Secure Globalization: Anti-XSS protects against XSS attacks coded in dozens of
languages; this is called Secure Globalization. If your application
is available in multiple languages, this is a very important protection.
2. Anti-XSS code is written with performance in mind; it provides real-time
data protection with improved performance.
3. Standards Compliance: Anti-XSS is
written to comply with modern web standards. You can protect your web
application without adversely affecting its UI.
Code Example using Anti-XSS:
/// Returns safe input text and
/// added this considering prevention from XSS attacks.
/// To prevent XSS, used Anti-XSS; returns safe data.
CheckValidInputs(string url, string htmlInput, string XmlInput, string item)
/// Returns a sanitized
public static string GetSafeHtml(string InputText)
recommends using below code, reason more safe
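
The method bodies did not survive on this page, so the following is an added example, not the original author's code. It shows per-context encoding and HTML sanitization of the kind the two signatures above suggest, assuming the AntiXSS 4.x assembly (`Microsoft.Security.Application.Encoder` and `Sanitizer`) is referenced. The class name, method names and sample inputs are hypothetical and constructed for illustration.

```csharp
using System;
using Microsoft.Security.Application; // AntiXSS 4.x (assumed version)

public static class AntiXssDemo // hypothetical class, not from the page
{
    // Plain text shown inside an element: encode for the HTML body context.
    public static string Comment(string author, string text)
    {
        return "<p><b>" + Encoder.HtmlEncode(author) + "</b>: "
             + Encoder.HtmlEncode(text) + "</p>";
    }

    // Untrusted value inside a URL that itself sits inside an attribute:
    // URL-encode the query value first, then attribute-encode the whole URL.
    public static string SearchLink(string term)
    {
        string url = "/search?q=" + Encoder.UrlEncode(term);
        return "<a href=\"" + Encoder.HtmlAttributeEncode(url) + "\">"
             + Encoder.HtmlEncode(term) + "</a>";
    }

    // Value written into an XML document, for example a feed or an export.
    public static string XmlItem(string item)
    {
        return "<item>" + Encoder.XmlEncode(item) + "</item>";
    }

    // Rich text that must keep some markup: sanitize it instead of encoding,
    // so that script content is removed and formatting tags can remain.
    public static string RichText(string html)
    {
        return Sanitizer.GetSafeHtmlFragment(html);
    }

    public static void Main()
    {
        // Constructed sample inputs, as a form post might deliver them.
        string author = "Zoë <admin>";
        string text = "5 < 6 & \"quotes\" stay text";
        string term = "rock & \"roll\" 50%";
        string rich = "<p>Hello <b>world</b></p><script>alert(1)</script>";

        Console.WriteLine(Comment(author, text));
        Console.WriteLine(SearchLink(term));
        Console.WriteLine(XmlItem(text));
        Console.WriteLine(RichText(rich));
    }
}
```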