I want to use the AntiXss library functions in my web application. I have a web application which contains ASP.NET pages with jQuery code in the code-behind. Whole ASP.NET pages run through jQuery js pages. I want to apply the encoding function to some fields, but the problem is how to apply and where to apply the encoding function (in the jQuery page where I set the value to show in the output window, or in the server-side code where the get-data API is called in the .cs files). And which function to use in these scenarios (HtmlEncode, JavaScriptEncode, etc.)?
Thanks in advance.
The basic idea behind preventing XSS attacks is that all input data (from the user or, say, an external application) should be treated as untrusted/unsafe and hence must be either validated while accepting and/or encoded while reproducing it in output (HTML, JS, etc.).
AFAIK, AntiXss is a server-side library, so you cannot use it to encode values in the browser. You have to apply encoding (to HTML / HTML attribute / JS, etc.) on the server side before sending those values to the client (e.g. in the aspx page, or in asmx/SCF services that are sending data to the client where JavaScript is going to treat the data as HTML or script).
See this article - although it's dated, it is still a good resource to start with the AntiXss lib, and it also lists scenarios for using the various encoding methods under "Determining Encoding Method to Use".
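An added example (not from the question or the answer above) of applying the encoding on the server side, in a page method that jQuery calls via `$.ajax`: each field is encoded for the one output context the client will insert it into. It assumes the AntiXSS 4.x NuGet package (`Microsoft.Security.Application.Encoder`) and the hypothetical names `ProfileView`, `GetProfile` and the constructed `Raw*` values.

```csharp
// Added example: server-side encoding with the AntiXSS library before data
// reaches jQuery. Page method and type names are hypothetical; the Raw* strings
// are constructed samples of untrusted data as it might come from a database.
using System;
using System.Web.Services;
using Microsoft.Security.Application;

public partial class Default : System.Web.UI.Page
{
    // One property per output context: the client must insert each value
    // only into the context it was encoded for, e.g.
    //   $("#name").html(data.d.DisplayNameHtml);
    //   $("#name").attr("title", data.d.TitleAttr);
    //   var bio = "<value of BioForScript>";   // inside an existing JS literal
    public class ProfileView
    {
        public string DisplayNameHtml { get; set; }   // element content
        public string TitleAttr { get; set; }         // attribute value
        public string BioForScript { get; set; }      // JS string literal
    }

    // Constructed untrusted inputs, one attack shape per context.
    private static readonly string RawName = "<img src=x onerror=alert(1)>";
    private static readonly string RawTitle = "\" onmouseover=\"alert(2)";
    private static readonly string RawBio = "'); alert(3); ('";

    // Called from jQuery as POST Default.aspx/GetProfile with a JSON content type.
    [WebMethod]
    public static ProfileView GetProfile()
    {
        return new ProfileView
        {
            // HtmlEncode: safe for element content; '<' becomes &lt;, etc.
            DisplayNameHtml = Encoder.HtmlEncode(RawName),
            // HtmlAttributeEncode: additionally encodes quotes and spaces,
            // so the value cannot close the attribute and start a new one.
            TitleAttr = Encoder.HtmlAttributeEncode(RawTitle),
            // JavaScriptEncode with emitQuotes = false: escapes quotes and
            // brackets for use inside a JS string literal the page already wrote.
            BioForScript = Encoder.JavaScriptEncode(RawBio, false)
        };
    }
}
```

If the same value must appear in two contexts (say, both as text and as an attribute), send it twice, encoded once per context, rather than decoding and re-encoding in the browser.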