Anti XSS Anti-cross-site Scripting attack Library

Source: Internet
Author: User

https://wpl.codeplex.com/

Before understanding Anti-Cross Site Scripting Library (AntiXSS), let us understand Cross-site-Scripting (XSS).

Cross-site Scripting (XSS)

Cross-site Scripting attacks is a type of injection problem, in which malicious scripts is injected into the otherwise B Enign and trusted Web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a Web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed is quite widespread and occur anywhere a Web application uses input from a user In the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no-to-know that the script should isn't be trusted, and would execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or O Ther sensitive information retained by your browser and used with the that site. These scripts can even rewrite the content of the HTML page.

Cross-site Scripting (XSS) attacks occur when:

    1. Data enters a Web application through a untrusted source, most frequently a Web request.
    2. The data is included in dynamic content which is sent to a Web user without being validated for malicious code.

The malicious content sent to the Web browser often takes the form of a segment of JavaScript, and may also include HTML, Flash or any other type of code, the browser may execute. The variety of attacks based on XSS are almost limitless, but they commonly include transmitting private data like cookies or other session information to the attacker, redirecting the victim to Web content controlled by the attacker, or perform ing other malicious operations on the user's machine under the guise of the vulnerable site.

Anti-Cross Site Scripting Library

AntiXSS helps protect your current applications from Cross-site scripting attacks, at the same time helping Protect your legacy application with its Security Runtime Engine. AntiXSS incorporates radically and innovatively rethought features, offering you a newer, more powerful weapon against the Often employed Cross-site scripting (XSS) attack. AntiXSS gives you:

    • Improved performance. AntiXSS have been completely rewritten with performance on mind, and yet retains the fundamental protection from XSS attack S. You has come to rely on for your applications.
    • Secure globalization. The web is a global market place, and Cross-site scripting is a global issue. An attack can is coded anywhere, and ANTI-XSS now protects against XSS attacks coded in dozens of languages.
    • Standards Compliance. AntiXSS is written to comply with modern web standards. You can protect your Web application without adversely affecting its UI.
How it works?

Proper output encoding and good input validation'll fix the XSS issue. For output encoding, use AntiXSS Library for its comprehensive encoding capabilities. AntiXSS works by looking at all the characters in the input and encoding characters not in the whitelist.

XSS VulnerabilityHide Copy Code
Response.Write(Request.Params["input"]);

To prevent XSS, we need to use the below code (AntiXSS):

Hide Copy Code
AntiXss.UrlEncode(TextBox1.Text)AntiXss.HtmlAttributeEncode(TextBox1.Text)AntiXss.XmlEncode(TextBox1.Text)AntiXss.JavaScriptEncode(item)

You can download AntiXSS the library from here.

Anti XSS Anti-cross-site Scripting attack Library

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.