Update on the sanitizer.

Jul 19, 2012 at 7:13 PM

I wanted to update you on the current state of the sanitizer. We're aware of the frustration you're having and I can only apologise. We're still exploring options - I know it's been six months but I've been trying to get a long term solution to the problem rather than patching unwieldy code.

The attempt to find a better solution and the resources to deliver it are still on-going I'm afraid, but it is discussed and pushed for on a regular basis.

I'm sorry that's all I have for you right now.

Aug 23, 2012 at 12:03 AM


I recently heard AntiXSS library was included in ASP.NET 4.5 (VS 2012) / .NET 4.5.

Does .NET 4.5 include the latest version of AntiXSS that is overly restrictive?


Jan 11, 2013 at 5:31 PM

It's been a year now since the WPL was patched. Do we have any further news on updating the sanitizer?

Jan 30, 2013 at 7:04 PM

Reiterating programmerman's question.  bdorrans, should AntiXss be considered abandoned?  Obviously, .NET 4.5 covers some of the functionality, but (to my knowledge) doesn't have an equivalent to the GetSafeHtmlFragment() method.  Would love to know where things stand, as we have a number of libraries that rely on MWPL.