Microsoft is actively developing the next iteration of Anti-XSS library and Security Runtime Engine (SRE) with added new mitigations that go way beyond the original Cross Site Scripting (XSS) protections of the Anti-XSS Library hence the change in name to the Web Protection Library or WPL. WPL now includes encoding methods to provide mitigations around LDAP Injection and CSS Injections (Cascading Style Sheets) with several others planned for the future. The runtime protection module includes a new HTTP Module that detects and protects from SQL Injection attempts using a specialized SQL Parser to detect any valid SQL queries in the input.

More info: Security Tools