
In ASP.NET 4.5, how should I encode a string to be used as a JavaScript variable, to prevent XSS attacks?

I know of several ways to do this, but they all have some downside. Is there an "accepted" way of doing it, that is considered the best? I used to use the Microsoft.Security.Application.AntiXss.JavaScriptEncode() which is great, but AntiXSS has been end-of-lifed because the encoder is now included in .NET as...

ASP.NET MVC XSS Input Field strip HTML/Scripts or Sanitize

I'm using ASP.NET MVC AntiXssEncoder to prevent XSS for INPUT fields on Regeneration Form. However, when on Update page user sees below: Input Test <b>abc</b> What's the best practice for this scenario? 1. Sanitize or Remove all HTML and Script Tags Thanks....

XSS in angularjs app and web api 2

I have a web application. I am using Angularjs and Web Api2. I have a simple form where user can insert some free text that will be sent via email to other people. The text is also saved on db and later can be shown in a web site page....