.NET AntiXSS Library

(NOTE:) This content is a work in progress and all contribution is welcome. Please contact Jeff Knutson (User:Jeff Knutson) with questions, ideas, corrections, etc.

Problem Overview
Cross site scripting (XSS) continues to show up on the as a top vulnerability.

.NET specific concerns
-TODO ASP.NET 4.5 built in support for AntiXSS -TODO the AntiXSS project

Using as the default encoder in ASP.NET instructions
TODO: Phil Haack has a good link on this already: http://haacked.com/archive/2010/04/06/using-antixss-as-the-default-encoder-for-asp-net.aspx/

Now

 * Look at the Microsoft implementations
 * See what work has already been done in the OWASP space for XSS
 * See what other work has been done for XSS (both .NET and other technology stacks)
 * Illustrate vulnerabilities and how to mitigate them (e.g. WebGoat)

Future

 * Dream big here!