OWASP publishes an XSS Prevention Cheat Sheet at http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet where they issue recommended encoding and sanitization techniques to help mitigate XSS attacks. The AntiXSS Library does not match their recommendations with character encoding one-for-one. For example, HtmlEncode doesn't encode the '/' (forward slash).
Are there any plans to add these additional encodings in the future, or is there a good reason not to?
We don't consider it a dangerous character, so it won't be changed unless someone can demonstrate a compelling reason.
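
A coverage check for the gap discussed in this thread, as an added example that is not part of the original posts or of the AntiXSS code base: it reports which of the six characters in the OWASP cheat sheet's Rule #1 (`&`, `<`, `>`, `"`, `'`, `/`) an HTML encoder leaves unencoded, and wraps the encoder to cover them. `System.Net.WebUtility.HtmlEncode` is an assumed stand-in so the block runs without the AntiXSS package; `EncoderCoverage`, `Unencoded` and `WithOwaspRule1` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Text;

static class EncoderCoverage
{
    // Characters the OWASP cheat sheet's Rule #1 (HTML element content) escapes.
    static readonly char[] OwaspRule1 = { '&', '<', '>', '"', '\'', '/' };

    // Returns the Rule #1 characters that the encoder passes through unchanged.
    public static List<char> Unencoded(Func<string, string> encode)
    {
        return OwaspRule1.Where(c => encode(c.ToString()) == c.ToString()).ToList();
    }

    // Wraps an encoder so every character it left alone is written as a hex
    // character reference. The input is split at those characters and only the
    // segments between them go through the inner encoder, so entities it has
    // already produced are never encoded a second time.
    public static Func<string, string> WithOwaspRule1(Func<string, string> encode)
    {
        char[] gaps = Unencoded(encode).ToArray();
        return input =>
        {
            if (string.IsNullOrEmpty(input)) return input;
            var sb = new StringBuilder();
            int start = 0;
            for (int i = 0; i < input.Length; i++)
            {
                if (Array.IndexOf(gaps, input[i]) < 0) continue;
                sb.Append(encode(input.Substring(start, i - start)));
                sb.Append("&#x").Append(((int)input[i]).ToString("X2")).Append(';');
                start = i + 1;
            }
            return sb.Append(encode(input.Substring(start))).ToString();
        };
    }

    static void Main()
    {
        // Assumed stand-in; pass the AntiXSS HtmlEncode method here to audit it.
        Func<string, string> baseline = WebUtility.HtmlEncode;
        Console.WriteLine("Left unencoded: " + string.Join(" ", Unencoded(baseline)));
        string sample = "</script><a href='/x'>"; // constructed sample input
        Console.WriteLine(WithOwaspRule1(baseline)(sample));
    }
}
```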