Preventing Cross-Site Scripting
Failing to encode untrusted data before it is written into a page opens the door to cross-site scripting (XSS): markup or JavaScript supplied by an attacker ends up executing in the browser of every user who views the page. Developers must treat every value bound from Salesforce or Sitecore as untrusted and encode it for the context in which it is rendered (HTML text, HTML attribute, JavaScript string) using a recognised library such as the Microsoft Anti-Cross Site Scripting Library. Note that encoding does not strip "malicious characters"; it makes them inert for one specific context, so the encoder must match the output context and be applied at the point of output, not when the data is stored.
using Microsoft.Security.Application;

// encode for usage in HTML (text between tags)
string safeHtml = AntiXss.HtmlEncode("evil string containing evil characters");
// encode for usage in an HTML attribute value
string safeAttribute = AntiXss.HtmlAttributeEncode("evil string containing evil characters");
// encode for usage inside a JavaScript string
string safeJavaScript = AntiXss.JavaScriptEncode("evil string containing evil characters");
// HTML sanitisation: strip dangerous HTML (script etc.) where the markup itself must be kept
string safeRichHtml = AntiXss.GetSafeHtml("evil string containing evil characters");
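The following is an added example, not code from the original page, showing why the encoder has to match the output context. It renders one untrusted value (a constructed test payload standing in for a Salesforce or Sitecore bound field) into HTML text, an HTML attribute and a JavaScript string, first unencoded and then with the per-context AntiXss methods named above. The class name ProfileRenderer and the payload are assumptions; it uses the AntiXss class of AntiXSS 3.x as the page does (in AntiXSS 4.x the same methods live on Encoder, and sanitisation on Sanitizer), and assumes the JavaScriptEncode overload that takes an emitQuotes flag.

```csharp
// Added example (not from the original page): contextual output encoding
// with the Microsoft Anti-Cross Site Scripting Library (AntiXss class, 3.x API).
using System;
using Microsoft.Security.Application;

public static class ProfileRenderer
{
    // Constructed test payload (hypothetical untrusted display name):
    // closes a quoted attribute, adds an event handler, then starts a script block.
    public const string UntrustedName =
        "\" onmouseover=\"alert(1)\"><script>alert(2)</script>";

    // VULNERABLE: the untrusted value is concatenated into three different
    // contexts with no encoding, so the payload above executes in the browser.
    public static string RenderUnsafe(string name)
    {
        return
            "<div title=\"" + name + "\">" + name + "</div>\n" +
            "<script>var user = '" + name + "';</script>";
    }

    // HARDENED: one encoder per output context.
    // - HtmlEncode leaves space unencoded; HtmlAttributeEncode does not, which matters
    //   for unquoted attributes, so the attribute encoder is used for attribute values.
    // - Inside <script> the browser does not decode HTML entities, so HtmlEncode there
    //   would either corrupt the data or fail to stop a breakout; JavaScriptEncode
    //   produces a JS string literal that is safe for that context.
    public static string RenderSafe(string name)
    {
        string inText = AntiXss.HtmlEncode(name);            // between tags
        string inAttribute = AntiXss.HtmlAttributeEncode(name); // inside an attribute value
        // emitQuotes = true: the result is already wrapped in single quotes,
        // so the template must not add its own quotes around it.
        string inScript = AntiXss.JavaScriptEncode(name, true);
        return
            "<div title=\"" + inAttribute + "\">" + inText + "</div>\n" +
            "<script>var user = " + inScript + ";</script>";
    }

    // Sanitisation is for the case where the field is meant to contain markup
    // (a rich-text field): it strips script-bearing constructs instead of encoding them.
    public static string SanitiseRichText(string html)
    {
        return AntiXss.GetSafeHtmlFragment(html);
    }

    public static void Main()
    {
        Console.WriteLine("--- unsafe ---");
        Console.WriteLine(RenderUnsafe(UntrustedName));
        Console.WriteLine("--- safe ---");
        Console.WriteLine(RenderSafe(UntrustedName));
        Console.WriteLine("--- sanitised rich text ---");
        Console.WriteLine(SanitiseRichText("<b>bold</b><script>alert(3)</script>"));
    }
}
```

The key design point is that the encoder is chosen by where the value is going, not by where it came from: the same string needs a different transformation for a text node, an attribute value and a script literal, and sanitisation (GetSafeHtml / GetSafeHtmlFragment) is reserved for fields that legitimately carry HTML, because it discards content rather than preserving it.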