MS Anti-Cross Site Scripting Library V1.0
I’ve read an interesting post about new released Microsoft Application Security Anti-Cross Site Scripting Library (Feb. 26). The only problem is that the link provided is not working. The same happened for other blog post.
I went further and searched MS site but all links take me to msdn.microsoft.com/downloads. On that page it might have been a link to this new library, but is no more there.
An excerpt from initial blog (Irena Kennedy):
The question is, since we already have HtmlEncode method under System.Web.HttpUtility to combat XSS, why do we need anything else? As it turns out, HttpUtility.HtmlEncode only escapes the known dangerous characters/strings; the new AntiXSSLibrary.HtmlEncode (and UrlEncode) only allows a small subset of known safe strings and escapes everything else. This is a much safer way to go!
I still couldn’t find this library on MS site, so I think something happened with it. Total mistery.
Update: the link is up and running now. Nice.