How to use Microsoft AntiXss 4.x?

c# asp.net-mvc security xss antixsslibrary
Alireza Noori picture Alireza Noori · Jul 4, 2014 · Viewed 8.5k times · Source

I want to use the new version of the AntiXss library from Microsoft. I downloaded it from the Nuget package but I'm not sure where should I go from here. No documentation is provided for the library and all the articles I find on the Web are old. Since a lot has changed and pretty much everything I want to use is marked as deprecated in the library itself, I wonder which is the best way to use this library?

  • Should I make it my default encoder?
  • Should I modify all the views to use Microsoft.Security.Application.AntiXss.HtmlEncode() and such?
  • Both maybe?

Any help would be appreciated.

Answer

jpvantuyl picture jpvantuyl · Apr 8, 2015

Take a look at this answer to "Why use Microsoft AntiXSS library?" for a hint to get you started.

Related questions

Why is JsonRequestBehavior needed?

Why is Json Request Behavior needed? If I want to restrict the HttpGet requests to my action I can decorate the action with the [HttpPost] attribute Example: [HttpPost] public JsonResult Foo() { return Json("Secrets"); } // Instead of: public JsonResult Foo() { return …

Read More
Restrict access to a specific controller by IP address in ASP.NET MVC Beta

I have an ASP.NET MVC project containing an AdminController class and giving me URls like these: http://example.com/admin/AddCustomer http://examle.com/Admin/ListCustomers I want to configure the server/app so that URIs containing /Admin are …

Read More
How to make Authorize attribute return custom 403 error page instead of redirecting to the Logon page

[Authorize] attribute is nice and handy MS invention, and I hope it can solve the issues I have now To be more specific: When current client isn't authenticated - [Authorize] redirects from secured action to logon page and after logon …

Read More