Using Microsoft Anti XSS Library
- Download the AntiXSS Library (AntiXSSLibrary.dll) from the Microsoft Web Protection Library.
- Right click the References node of the project to add a reference to the assembly.
- Encode untrusted data with the method that matches the output context, as in the following cases:
Case #1
HTML escape before inserting untrusted data into HTML element content
string safedata = Microsoft.Security.Application.AntiXss.HtmlEncode( Request.QueryString[ "input" ] );
Response.Write("<div>" + safedata + "</div>");
Case #2
Attribute escape before inserting untrusted data into HTML common attributes
string safedata = Microsoft.Security.Application.AntiXss.HtmlAttributeEncode( Request.QueryString[ "input" ] );
Response.Write("<div name=\"" + safedata + "\">");
Case #3
JavaScript escape before inserting untrusted data into HTML JavaScript data values
string safedata = Microsoft.Security.Application.AntiXss.JavaScriptEncode( Request.QueryString[ "input" ] );
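// JavaScriptEncode(string) returns the value already wrapped in single quotes, so no extra quotes are added here.
Response.Write("<script>alert(" + safedata + ");</script>");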
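The three cases above combined in one ASP.NET generic handler, as an added example that is not part of the original page or of the library's own samples. The class name `EchoHandler`, the page layout and the variable names are hypothetical; the example assumes AntiXSSLibrary.dll is referenced and that `JavaScriptEncode(string)` returns its result wrapped in single quotes.

```csharp
using System.Web;
using Microsoft.Security.Application; // AntiXSSLibrary.dll

// Hypothetical handler: echoes one untrusted query-string value into three
// different output contexts, each with the encoder for that context.
public class EchoHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Untrusted input. A missing parameter is treated as empty so that
        // null is never passed to the encoders.
        string input = context.Request.QueryString["input"] ?? string.Empty;

        // One encoded copy per context. The copies are not interchangeable:
        // the HTML parser, the attribute parser and the JavaScript parser
        // each use a different escape syntax.
        string forElement   = AntiXss.HtmlEncode(input);          // Case #1
        string forAttribute = AntiXss.HtmlAttributeEncode(input); // Case #2
        string forScript    = AntiXss.JavaScriptEncode(input);    // Case #3, quoted

        HttpResponse response = context.Response;
        // Declare the content type and charset so the browser does not guess.
        response.ContentType = "text/html";
        response.Charset = "utf-8";

        response.Write("<!DOCTYPE html><html><head><title>Echo</title></head><body>");

        // Case #1: HTML element content.
        response.Write("<div>" + forElement + "</div>");

        // Case #2: value of a quoted HTML attribute. Always quote the attribute.
        response.Write("<input type=\"text\" name=\"echo\" value=\"" + forAttribute + "\">");

        // Case #3: JavaScript data value. The encoder supplies the quotes, and
        // the value is used only as a string literal, never as code.
        response.Write("<script>var echoed = " + forScript + ";</script>");

        response.Write("</body></html>");
    }
}
```

Encoding happens at the point of output, once per context, from the same raw value; storing an already-encoded value and reusing it in another context would apply the wrong escape syntax.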
References
http://msdn.microsoft.com/en-us/library/ff649310.aspx
http://msdn.microsoft.com/en-us/library/aa973813.aspx
http://wpl.codeplex.com/releases/view/80289