So, in the ASP.NET MVC2 application section, I have to allow HTML input from a typical rich text field. So I added a controller method attribute to disable MVC brute force input validation.
But now what should I do to prevent XSS attacks? So far I have looked and found:
- AntiXSS: It looks good, but the whitelist seems inaccessible. In addition, for some reason, I have problems getting it to work. After adding a link to the dll, the compiler still sees the missing assembly.
- Antisamy: allows you to customize the whitelist, but the last time .NET was updated, it was in 2009. This does not inspire confidence in security software.
What else? Are there other libraries for cleaning input with HTML content so that it is easy to configure valid tags?