Welcome to WebmasterWorld Guest from 54.82.99.169

Forum Moderators: ocean10000

Message Too Old, No Replies

Anti-XSS 3.0 - Beta

Anti-XSS 3.0 - Beta

     
4:02 pm on Jul 18, 2009 (gmt 0)

Administrator

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month

joined:Jan 14, 2004
posts:864
votes: 3


One of the more common problems in web applications are Cross Site Scripting attacks. These are where a foreign JavaScript is inject into a website without the web site owners permission, and are often used to trick the website users since they trust the site. Microsoft has released an updated version of their Anti-XSS library free to the public.

Anti-XSS is using the MS-PL license. The source code can be found at CodePlex [codeplex.com]. And the binary can be found in the free MSDN [microsoft.com] downloads.

An older tutorial can be found in the MSDN library which describes in a bit more detail where common places where Cross Site Scripting attack vectors can be found, and how to fix these areas using the Anti-XSS library.
Microsoft Anti-Cross Site Scripting Library V1.5: Protecting the Contoso Bookmark Page [msdn.microsoft.com]

4:19 am on July 21, 2009 (gmt 0)

Senior Member from MY 

WebmasterWorld Senior Member vincevincevince is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 1, 2003
posts:4847
votes: 0


Very interesting to take a software approach; but my main concern is that the solution is not portable. Given that the problem is a Javascript security issue, the solution likewise should ideally be a Javascript library and hence applicable to all platforms and servers able to support or serve javascript.