17.3 Mitigating XSS Vulnerabilities with the Anti-Cross Site Scripting Library
Cross-site scripting (XSS) is a common security vulnerability found in web applications. An application is vulnerable to XSS attacks whenever it creates a dynamic web page that displays user-controlled data. In an attack that exploits this vulnerability, the attacker provides a malicious script instead of valid input. That malicious input is embedded in the HTML document created by the application and ends up running in the victim’s browser as legitimate code from the application. This may allow an attacker to gain unauthorized access to the application and sensitive data, or, at the very least, allow the attacker to deface the web site.
Microsoft’s Anti-Cross Site Scripting Library can help mitigate this threat by encoding user input before embedding it in the dynamic web page. This encoding changes the input such that it can never be executed, regardless of whether or not it contains malicious code.
Anti-Cross Site Scripting Library at a Glance | |
---|---|
Tool | Anti-Cross Site Scripting Library |
Version covered | 1.0 |
Home page | |
Power Tools page | |
Summary | Library of functions used for encoding user input to guard against cross-site scripting attacks |
License type | Freeware |
Online resources ... |
Get Windows Developer Power Tools now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.