Microsoft Anti-Cross Site Scripting Library V1.0
Microsoft Anti-Cross Site Scripting Library V1.0 has been released.
Cross Site Scripting problem is that many Web pages display input that is not validated. If input is not validated, malicious script can be embedded within the input. If a server-side script then displays this non-validated input, the script runs on the browser as though the trusted site generated it.
The new .NET library from Microsoft is supported on Windows 2000, Windows XP, and Windows 2003, and can be used with .NET 1.0, .NET 1.1, and .NET 2.0. The library exposes these two methods: HtmlEncode and UrlEncode (taking a single string paramter). These are the same methods as found in the System.Web.HttpUtility namespace in the .NET Framework today. The new library takes the approach with a method called "white-listing" or implementing the "principle of inclusions". This means it looks for what's good and considers everything else as bad and replaces those characters with their escape character equivalents.