Microsoft Anti-Cross Site Script Library

I am evaluating the Microsoft Anti-Cross Site Script Library (AntiXSS V3).

I have to say that it seems to me that, aside from providing a more complete white list of acceptable characters, this really does not bring anything that a conscientious programmer who encodes all of his user/agent-modifiable output would not do anyway.

Am I missing a trick?

+3
1 answer

I don’t think you are missing anything other than the fact that the number of programmers who know about proper secure coding is very small, and those who can do it right are even fewer.

, , , , Microsoft , ( ), , , . ( , , , Microsoft "" MS).

, . . OWASP , , , .

, , ? , Microsoft Anti-Cross Site , , .

+5

Source: https://habr.com/ru/post/1717360/

