Anti-XSS library from Microsoft to mitigate XSS attacks

Anti-XSS library from Microsoft to mitigate XSS attacks

I am new to a large project and plan to use the Anti-XSS library from Microsoft to mitigate XSS attacks. This is a very large MVC C# application, and it has been determined this library from MS will be low-impact, yet close many exposures.

Any suggestions on how to approach this integration?

newbiewebSr. Software EngineerAsked:
Who is Participating?
btanConnect With a Mentor Exec ConsultantCommented:
AntiXSS though EOL, its source and installers will remain online allow people using earlier versions of .NET to enable an alternative, whitelist based encoded but no further enhancements, outside of security fixes, will be made.
No software is bugless, but if you still want to try out, it is still possible.
That said, its last vulnerability known is
The challenge is just that if you upgrade to latest .NET framework then likely the Anti XSS will break otherwise still worth try out.

Nonetheless, one alternative is HTMLSanitizer that cleans HTML fragments and documents from constructs that can lead to XSS attacks and there is a demo site
Jackie ManConnect With a Mentor Commented:
Anti-XSS library from Microsoft is End of Life (EOL) already. Why do you think that it will be no impact to use Anti-XSS library?
newbiewebSr. Software EngineerAuthor Commented:

End of Life sounds like it may be a bad choice then. Have they already stopped supporting it? I saw that version 4.3 was released years ago, so it already seemed either bug-free ;) or no longer of interest for them to update.

What options are there?

Is this a good alternative?
newbiewebSr. Software EngineerAuthor Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.