I'm currently trying to secure my classic ASP application from XSS. I came across the AntiXSS from Microsoft on the net and I was wondering if this would work with a classic application?
If not, do you have any ideas how I could go about sanitizing the strings?
To sanitize strings I would HTML encode all output; that way you don't have to dink around with special characters or huge regex expressions.
Server.HTMLEncode(string)
The two most important countermeasures to prevent cross-site scripting attacks are to:
via How To: Prevent Cross-Site Scripting in ASP.NET (I know it's not classic ASP, but there are similar principles)
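An added example, not part of the original answer: a classic ASP (VBScript) page that applies `Server.HTMLEncode` to one query-string value in three output contexts. The parameter `name`, the helper `H`, and the page `search.asp` are hypothetical names chosen for illustration.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Hypothetical helper: HTML-encode any value, treating Null/Empty as "".
Function H(value)
    If IsNull(value) Or IsEmpty(value) Then
        H = ""
    Else
        H = Server.HTMLEncode(CStr(value))
    End If
End Function

Dim name
' Untrusted input (hypothetical parameter); & "" forces a plain string.
name = Request.QueryString("name") & ""

' Unsafe pattern, shown commented out: raw input written into the page,
' so any markup in "name" would be interpreted by the browser.
' Response.Write "Hello " & name
%>
<html>
<body>
  <!-- HTML body context: encode at the point of output -->
  <p>Hello <%= H(name) %></p>

  <!-- Attribute context: keep the value inside double quotes;
       Server.HTMLEncode escapes " but not ' -->
  <input type="text" name="name" value="<%= H(name) %>">

  <!-- URL parameter context: URL-encode the value first,
       then HTML-encode it for the surrounding attribute -->
  <a href="search.asp?q=<%= H(Server.URLEncode(name)) %>">Search again</a>
</body>
</html>
```

Encoding happens where the value is written, not where it is read, so the same stored string can be encoded correctly for each context it ends up in.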