AntiXSS 4.0 is live

Coordinator
Oct 4, 2010 at 6:41 PM

Just in case you missed it v4.0 is now up and the source is available.

This has mostly addressed the encoding library, medium trust, errors in UrlEncode and so on, along with a more flexible safe list for Markup encoding.

There's also new source for the SRE - but it's only source. The inspector model is now finalized, and I've added some sample inspectors. This includes a newer version of the AntiXSS inspector, but I've yet to add test cases for all the issues you've logged. I'll be continuing to work on this in my spare time around other projects.

It has not touched the sanitizer at all - that will need a serious amount of work, for which time isn't available just yet.

Oct 19, 2010 at 6:36 PM
bdorrans wrote:

There's also new source for the SRE - but it's only source. The inspector model is now finalized, and I've added some sample inspectors. This includes a newer version of the AntiXSS inspector, but I've yet to add test cases for all the issues you've logged. I'll be continuing to work on this in my spare time around other projects.

Hi,

Do you have a release date (estimated) for the next stable version of SRE?

Thanks, have a nice day.

Coordinator
Oct 19, 2010 at 6:40 PM

Not yet I'm afraid. The encoding plug-in has some well documented problems I just haven't had time to work on (as I have "real" work to do along side this). I keep plugging away at it, but it's a spare time project right now.