AntiXSS V4.0 is an encoding library designed to help developers protect their ASP.NET web-based apps from XSS attacks. It differs from most encoding libraries in that it uses white-listing technique -- sometimes referred to as the principle of inclusions -- to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters, and encodes anything outside this set (invalid characters or potential attacks). The white-listing approach provides several advantages over other encoding schemes.
New features include: » customizable safe list for HTML and XML encoding » Performance improvements; Support for Medium Trust ASP.NET apps » HTML Named Entity Support » Invalid Unicode detection » Improved Surrogate Character Support for HTML and XML encoding » LDAP Encoding Improvements » application/x-www-form-urlencoded encoding support.
More Info: Download