ASP.NET 2.0 Resources

Powered by Blogger

Microsoft Anti-Cross Site Scripting Library V1.0

Microsoft Anti-Cross Site Scripting Library V1.0 has been released.

Cross Site Scripting problem is that many Web pages display input that is not validated. If input is not validated, malicious script can be embedded within the input. If a server-side script then displays this non-validated input, the script runs on the browser as though the trusted site generated it.

The new .NET library from Microsoft is supported on Windows 2000, Windows XP, and Windows 2003, and can be used with .NET 1.0, .NET 1.1, and .NET 2.0. The library exposes these two methods: HtmlEncode and UrlEncode (taking a single string paramter). These are the same methods as found in the System.Web.HttpUtility namespace in the .NET Framework today. The new library takes the approach with a method called "white-listing" or implementing the "principle of inclusions". This means it looks for what's good and considers everything else as bad and replaces those characters with their escape character equivalents.

2 Comments:

  • Nice information, many thanks to the author. It is incomprehensible to me now, but in general, the usefulness and significance is overwhelming. Thanks again and good luck! Web Design Company

    By Blogger Pooja, at 10:58 AM  

  • Stephen Stapinski

    Really your blog is very interesting.... it contains great and unique information. I enjoyed to visiting your blog. It's just amazing.... Thanks very much for the share.

    By Blogger rocky case, at 11:19 AM  

Post a Comment

<< Home

Created dolly