Some users who have been using IOSEC, our internal library for defending against cross-site scripting (XSS) attacks, may be wondering what’s the difference between that library and the Microsoft Anti-Cross Site Scripting Library V1.0 at http://www.microsoft.com/downloads/details.aspx?FamilyID=9A2B9C92-7AD9-496C-9A89-AF08DE2E5982&displaylang=en.
XSS Attack Vector
Anti-Cross Site Scripting Library
Visual Basic Script
In the 1.0 release of the Anti-Cross Site Scripting Library, only the code to do html and url encoding was provided. In the coming weeks we’ll be porting the full capabilities of IOSEC, some safe .NET controls to use in web applications plus some feedback from the community to the Anti-Cross Site Scripting Library V1.5. Check back soon for that release!
Senior Security Technologist
Application Consulting & Engineering (ACE) Team