Microsoft Anti-Cross Site Scripting Library 3.1 released

The Microsoft Anti-Cross Site Scripting Library (Anti-XSS) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks.

It differs from most encoding libraries in that it uses the white-listing technique – sometimes referred to as the principle of inclusions – to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters, and encodes anything outside this set (invalid characters or potential attacks). The white-listing approach provides several advantages over other encoding schemes.

New features in version 3.1 of the Microsoft Anti-Cross Site Scripting Library include:

• An expanded white list that supports more languages
• Performance improvements
• Performance data sheets (in the online help)
• Support for Shift_JIS encoding for mobile browsers
• A sample application
• Security Runtime Engine (SRE) HTTP module
• HTML Sanitization methods to strip dangerous HTML scripts.

Download AntiXSS 3.1 here.