AntiXSS and OWASP XSS Prevention Cheat Sheet

Aug 2, 2011 at 3:53 PM

OWASP publishes an XSS Prevention Cheat Sheet at where they issue recommended encoding and sanitization techniquest to help mitigate XSS attacks.  The AntiXSS Library does not match their recommendations with character encoding one-for-one.  For example, HtmlEncode doesn't encode the '/' (forward slash).  Are there any plans to add these additional encodings in the future, or is there a good reason not to?


Aug 2, 2011 at 4:05 PM

We don't consider it a dangerous character, so it won't be changed unless someone can demonstrate a compelling reason.