Where is SRE?

May 10, 2011 at 11:20 PM

I installed AntiXSS Library v4.0, which seems to be the only install available, eventhough WPL supposedly includes AntiXSS and SRE.  I see no sign of SRE in the install and no mention of it in the AntiXSS.chm.

So, downloading Source Code for 61742 I can see all the SRE stuff in the v4.0 folder.  Is this where to learn about it, but it is not available as part of the 'installed' AntiXSS?  I would have to implement it manually using the sample web app as a guide?

May 11, 2011 at 12:58 AM

You're right - the SRE exists only as code, because, well, there are a bunch of outstanding bugs with the automatic encoder for web forms, some of which don't even have test cases. Whilst I'm reasonably confident in the other plug-ins, that one needs some work, and has the potential to kill off webforms sites - so, as the encoder is probably more important, AntiXSS was separated and released (and will always remain a separate install now). Unfortunately time and budget pressures exist, so I haven't had any time since then to put any work into the WPL, and so it's still considered a CTP right now.