AntiXSS and OWASP XSS Prevention Cheat Sheet

Aug 2, 2011 at 2:53 PM

OWASP publishes an XSS Prevention Cheat Sheet at http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet where they issue recommended encoding and sanitization techniques to help mitigate XSS attacks. The AntiXSS Library does not match their recommendations with character encoding one-for-one. For example, HtmlEncode doesn't encode the '/' (forward slash). Are there any plans to add these additional encodings in the future, or is there a good reason not to?

Thanks!
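To make the difference the question is about concrete, here is an added example (not code from the thread or from the AntiXSS Library) that encodes a constructed string two ways: once with the six-character entity table from rule #1 of the OWASP cheat sheet, which includes '/', and once with Python's standard-library `html.escape`, which, like the HtmlEncode discussed above, encodes `& < > " '` but leaves '/' alone. The function names and the sample input are this example's own.

```python
import html

# OWASP XSS Prevention Cheat Sheet, rule #1: the six characters the sheet says to
# entity-encode before placing untrusted data into HTML element content.
OWASP_HTML_ENTITIES = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#x27;",
    "/": "&#x2F;",  # the one the question is about: closes tags such as </b>
}

# Constructed sample input (not from the thread): contains a tag, an attribute
# with single quotes, and a forward slash both inside text and in a closing tag.
SAMPLE = "<b onclick='x'>path/to</b>"


def owasp_html_encode(text: str) -> str:
    """Encode exactly the six characters listed in the OWASP cheat sheet."""
    return "".join(OWASP_HTML_ENTITIES.get(ch, ch) for ch in text)


def stdlib_html_encode(text: str) -> str:
    """Python's html.escape: encodes & < > " and ' but never '/'."""
    return html.escape(text, quote=True)


def residual_specials(encoded: str) -> set:
    """Return the cheat-sheet characters still present literally in encoded output.

    '&' is deliberately excluded from the check because every emitted entity
    legitimately starts with it; the remaining five must not survive encoding.
    """
    return {ch for ch in encoded if ch in {"<", ">", '"', "'", "/"}}


def compare(text: str) -> dict:
    """Encode text both ways and report which special characters each leaves behind."""
    owasp = owasp_html_encode(text)
    stdlib = stdlib_html_encode(text)
    return {
        "owasp": owasp,
        "owasp_residual": residual_specials(owasp),
        "stdlib": stdlib,
        "stdlib_residual": residual_specials(stdlib),
    }


if __name__ == "__main__":
    for key, value in compare(SAMPLE).items():
        print(f"{key:15} {value}")
```

Running it shows that both encoders neutralise the tag and the quotes, and that the only character on which they differ is the forward slash: the cheat-sheet encoder emits `&#x2F;`, the standard-library one passes `/` through unchanged, which is the gap the question describes between AntiXSS's HtmlEncode and the OWASP list.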

Coordinator
Aug 2, 2011 at 3:05 PM

We don't consider it a dangerous character, so it won't be changed unless someone can demonstrate a compelling reason.