The Microsoft Anti-Cross Site Scripting Library V4.0 (AntiXSS V4.0) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks.
It differs from most encoding libraries in that it uses the white-listing technique -- sometimes referred to as the principle of inclusions -- to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters and then encoding anything outside this set (invalid characters or potential attacks).
The white-listing approach provides several advantages over other encoding schemes.
Features:
- A customizable safe list for HTML and XML encoding
- Performance improvements
- Support for Medium Trust ASP.NET applications
- HTML Named Entity Support
- Invalid Unicode detection
- Improved Surrogate Character Support for HTML and XML encoding
- LDAP Encoding Improvements
- application/x-www-form-urlencoded encoding support
Requires: Microsoft .NET Framework 3.5.
Supported Operating Systems: Windows 7; Windows Server 2003; Windows Server 2008; Windows Vista; Windows XP
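
The white-listing approach described above, together with the surrogate handling and invalid Unicode detection named in the feature list, can be sketched as follows. This is an added example, not the AntiXSS library's own code; the class name `AllowListDemo`, the contents of the safe list, the decimal numeric-entity output and the choice to throw on an unpaired surrogate are all assumptions made for illustration.

```csharp
using System;
using System.Text;

// Illustrative allow-list encoder; NOT the AntiXSS implementation.
static class AllowListDemo
{
    // Assumed safe list for this sketch: ASCII letters, digits, space and a little punctuation.
    static bool IsSafe(char c)
    {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
               (c >= '0' && c <= '9') ||
               c == ' ' || c == '.' || c == ',' || c == '-' || c == '_';
    }

    public static string HtmlEncode(string input)
    {
        if (string.IsNullOrEmpty(input)) return input;
        var sb = new StringBuilder(input.Length * 2);
        for (int i = 0; i < input.Length; i++)
        {
            char c = input[i];
            if (IsSafe(c)) { sb.Append(c); continue; }   // inside the set: emit unchanged

            int codePoint = c;
            if (char.IsHighSurrogate(c) && i + 1 < input.Length &&
                char.IsLowSurrogate(input[i + 1]))
            {
                // A valid surrogate pair becomes ONE entity for the full code point.
                codePoint = char.ConvertToUtf32(c, input[i + 1]);
                i++;
            }
            else if (char.IsSurrogate(c))
            {
                // Unpaired surrogate: reject instead of emitting malformed output.
                throw new ArgumentException("Invalid Unicode: unpaired surrogate at index " + i);
            }
            // Everything outside the safe list is encoded, with no list of "bad" characters.
            sb.Append("&#").Append(codePoint).Append(';');
        }
        return sb.ToString();
    }

    static void Main()
    {
        // Constructed sample inputs.
        Console.WriteLine(HtmlEncode("Tom & Jerry's <b>show</b>"));
        Console.WriteLine(HtmlEncode("smile \uD83D\uDE00"));
        try { HtmlEncode("bad \uD83D"); }
        catch (ArgumentException e) { Console.WriteLine(e.Message); }
    }
}
```

Because the decision is made per character against the safe list, characters that a block list would have to anticipate individually (quotes, ampersands, angle brackets, non-ASCII text) are all encoded by the same default path.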