This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

.NET AntiXSS Library

Jump to: navigation, search

NOTE: This content is a work in progress and all contribution is welcome. Please contact Jeff Knutson with questions, ideas, corrections, etc.


Cross site scripting (XSS) continues to show up on the as a top vulnerability every year. While very pervasive and dangerous, this vulnerability is possible to mitigate with reasonable developer effort. This page is dedicated to helping mitigate this vulnerability in regards to the Microsoft .NET Framework.

Attack Vectors

The primary XSS attack vectors are:

  • Reflected XSS
  • Persistent XSS

Please see Cross-site Scripting (XSS) for more detail regarding reflected and persistent XSS attacks.


XSS References



  • Look at the Microsoft implementations
  • See what work has already been done in the OWASP space for XSS
  • See what other work has been done for XSS (both .NET and other technology stacks)
  • Illustrate vulnerabilities and how to mitigate them (e.g. WebGoat.NET)
  • See if we can get the OWASP Anti-Samy project back into relevance


  • Dream big here!