Monday, March 19, 2012

All user input is evil: Microsoft Web Protection Library

This application is something that should be under the belt of all web developers. I'm surprised that this library is not already bundled into ASP.NET MVC, which shows how little developers worry about securing an application. The good news is that there's a NuGet package already available.

If you're not sure what the AntiXSS library is, you should go and download it right now. It provides functions to sanitize user input, including but not limited to HTML and Javascript. The bad news is that you probably won't find a lot of documentation about it, but that's just because the library is really easy to use. Check it out here.

No comments: