An open-source Anti-XSS Web Protection Library, from Microsoft

The WPL, which is a set of .NET assemblies, is being offered as part of a defense in depth strategy to add an extra layer to any validation or secure coding practices.

Microsoft has released an open-source Web Protection Library (WPL) to help developers protect web sites from cross-site scripting attacks.

The WPL, which is a set of .NET assemblies, is being offered as part of a defense in depth strategy to add an extra layer to any validation or secure coding practices.

It essentially provides a list of encoding functions for user input, including HTML, HTML attributes, XML, CSS and JavaScript.

follow Ryan Naraine on twitter

  • White Lists: AntiXSS differs from the standard .NET framework encoding by using a white list approach. All characters not on the white list will be encoded using the correct rules for the encoding type. Whilst this comes at a performance cost AntiXSS has been written with performance in mind.
  • Secure Globalization: The web is a global market place, and cross-site scripting is a global issue. An attack can be coded anywhere, and Anti-XSS now protects against XSS attacks coded in dozens of languages.
  • Security Runtime Engine: The Security Runtime Engine (SRE) provides a wrapper around your existing web sites, ensuring that common attack vectors to not make it to your application. Protection is provided as standard forCross Site ScriptingSQL Injection.

Documentation and download instructions can be found at the open-source Codeplex site.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All