antixsslibrary

Why use Microsoft AntiXSS library?

孤者浪人 提交于 2019-11-27 01:36:40
问题 When you can simply encode the data using HttpUtility.HtmlEncode , why should we use AntiXss.HtmlEncode ? Why is white list approach better than black listing? Also, in the Anti XSS library, where do I specify the whitelist? 回答1: White lists are always more secure that blacklist - just think which will be more secure, having a list of all of the people who are not allowed to your party or only allowing in those who are. (Basically blacklists can only handle attacks which are obvious or have

How to use C# to sanitize input on an html page?

烂漫一生 提交于 2019-11-26 18:36:31
Is there a library or acceptable method for sanitizing the input to an html page? In this case I have a form with just a name, phone number, and email address. Code must be C#. For example: "<script src='bobs.js'>John Doe</script>" should become "John Doe" This is an older, but still relevant question. We are using the HtmlSanitizer .Net library, which: is open-source (MIT) - GitHub link is actively maintained doesn't have the problems like Microsoft Anti-XSS library , Is unit tested with the OWASP XSS Filter Evasion Cheat Sheet is special built for this (in contrast to HTML Agility Pack ,

What is the difference between AntiXss.HtmlEncode and HttpUtility.HtmlEncode?

杀马特。学长 韩版系。学妹 提交于 2019-11-26 12:10:36
问题 I just ran across a question with an answer suggesting the AntiXss library to avoid cross site scripting. Sounded interesting, reading the msdn blog, it appears to just provide an HtmlEncode() method. But I already use HttpUtility.HtmlEncode(). Why would I want to use AntiXss.HtmlEncode over HttpUtility.HtmlEncode? Indeed, I am not the first to ask this question. And, indeed, Google turns up some answers, mainly A white-list instead of black-list approach A 0.1ms performance improvement Well,
订阅 antixsslibrary