Is there a minimum-trust equivalent of the Web Protection Library (Anti-XSS)?
02-03-2021
Question
I am working on a project that requires some HTML sanitization. Normally, I would turn to the Microsoft Web Protection Library; however, in this case, I am developing an application running in minimal trust. Part of the WPL requires medium trust, and the rest seems to require full trust.
Can anyone suggest a good HTML sanitizer that can operate in a minimal trust environment?
OTHER TIPS
Can you explain more about your project? Like what framework are you in?
This is what I would suggest without knowing more details: AntiXSS 4.0 (released 10/5/2010): http://www.microsoft.com/download/en/details.aspx?id=5242
In the following post I demonstrate how to execute a simple XSS, but you'll notice that it only works in .NET 2.0 projects. Once you're above that, certain security measures are taken on your behalf and it will warn any time unsafe text is put into user input fields.
http://mdukehall.wordpress.com/2011/11/03/intro-to-xss-for-web-developers/
Here is an alternative blog on it:
http://jimbojw.com/wiki/index.php?title=Sanitizing_user_input_against_XSS