- White Lists: AntiXSS differs from the standard .NET framework encoding by using a white list approach. All characters not on the white list will be encoded using the correct rules for the encoding type. Whilst this comes at a performance cost, AntiXSS has been written with performance in mind.
- Secure Globalization: The web is a global marketplace, and cross-site scripting is a global issue. An attack can be coded anywhere, and AntiXSS now protects against XSS attacks coded in dozens of languages.
AntiXSS was merged into the .NET framework in v4.0. We recommend you use the bundled version; however, we continue to make a standalone version available for older frameworks.
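The white list approach from the first bullet, as an added C# sketch that is not AntiXSS source code: the `SafeListEncoder` name and both safe lists are assumptions chosen for illustration, and the sample input is constructed. Each encoding type applies its own escape rule to every code point that is off its list.

```csharp
using System;
using System.Text;

// Illustrative safe-list encoder (assumed lists, not the ones AntiXSS ships).
static class SafeListEncoder
{
    static bool IsAlnum(int cp) =>
        (cp >= 'a' && cp <= 'z') || (cp >= 'A' && cp <= 'Z') || (cp >= '0' && cp <= '9');

    // Walk the input by code point; anything the list rejects goes through escape().
    static string Encode(string input, Func<int, bool> isSafe, Func<int, string> escape)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < input.Length; i++)
        {
            int cp;
            if (char.IsSurrogatePair(input, i)) cp = char.ConvertToUtf32(input, i++);
            else if (char.IsSurrogate(input[i])) cp = 0xFFFD; // lone surrogate: replace
            else cp = input[i];
            sb.Append(isSafe(cp) ? ((char)cp).ToString() : escape(cp));
        }
        return sb.ToString();
    }

    // HTML text: off-list code points become decimal numeric entities.
    public static string Html(string s) => Encode(s,
        cp => cp < 128 && (IsAlnum(cp) || " .,-_".IndexOf((char)cp) >= 0),
        cp => "&#" + cp + ";");

    // URL component: off-list code points become percent-encoded UTF-8 bytes.
    public static string Url(string s) => Encode(s,
        cp => cp < 128 && (IsAlnum(cp) || "-_.".IndexOf((char)cp) >= 0),
        PercentEncode);

    static string PercentEncode(int cp)
    {
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(char.ConvertFromUtf32(cp)))
            sb.Append('%').Append(b.ToString("X2"));
        return sb.ToString();
    }

    static void Main()
    {
        string input = "<i>caf\u00e9</i> & \U0001F600"; // constructed sample input
        Console.WriteLine(Html(input));
        Console.WriteLine(Url(input));
        Console.WriteLine(System.Net.WebUtility.HtmlEncode(input)); // framework encoder, for comparison
    }
}
```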
Security Runtime Engine (Retired)
The Security Runtime Engine (SRE) provided a wrapper around your existing web sites, ensuring that common attack vectors do not make it to your application. Protection is provided as standard for:
- Cross Site Scripting
- SQL Injection
The SRE was meant as a defense in depth strategy, adding a bandage around your application until you could update the underlying code to provide encoding and SQL injection protection. It is no longer provided as a download and its use is not recommended, but source is available for those wanting to continue to use it or enhance it.