AntiXSS 4.1 Beta 1

Apr 23, 2011 at 7:32 PM
Edited Apr 27, 2011 at 12:12 PM

I've pushed a new version of the encoding libraries, including specific support for swapping out the default encoders in .NET 4.0.

As this is only a beta there are no binaries, you will need to grab the source yourself and compile. Replacing the default encoders in .NET 4.0 will require you to use the version compiled by the Net4 project and make a web.config change to the httpRuntime node as follows


The runtime encoder feature should work with both WebForms and MVC (either the webforms or Razor view engines).

Nothing else has changed, please feel free to log any weird encoding bugs you see, especially if you swap out the default controller - this may cause hiccups with 3rd party controls which make assumptions about encoding.



<httpRuntime encoderType="Microsoft.Security.Application.AntiXssEncoder, AntiXssLibrary.dll"/>