Reputation: 122052
Any simple built-in way to protect against xss in asp.net mvc?
I've got a news-feed style field which admins can edit that will appear on users' pages. All users and all admins are approved so this is a pretty low-security affair.
Is there a simple, built-in way to validate their input for malicious script injection?
Upvotes: 0
Views: 133
Answers (2)
Reputation: 5347
Unfortunately, I don't think there is anything out there that is both simple and mature - at the moment. You can give OWASP Enterprise Security API a try, but you'll unlikely be any happier than with WPL.
I'd recommend adhering to the OWASP XSS guidelines, but I suspect you're already familiar.
Upvotes: 1
Reputation: 155065
Microsoft Web Protection Library: http://wpl.codeplex.com/
It's not built-in, but it's highly regarded and built for ASP.NET
Upvotes: 2
Related Questions
- Preventing XSS (Cross-site Scripting)
- How to protect or secured ASP.NET MVC from XSS?
- How to prevent XSS attacks in ASP.NET Core Razor view?
- Protecting ASP.NET MVC 5 application from XSS
- MVC c# prevent xss
- Prevent XSS attacks and still use Html.Raw
- How do you avoid XSS vulnerabilities in ASP.Net (MVC)?
- ASP.NET MVC XSS protection
- Best practice for Prevent XSS hacking
- sanitizing xss in asp.net mvc