About

I'm Mike Pope. I live in the Seattle area. I've been a technical writer and editor for over 35 years. I'm interested in software, language, music, movies, books, motorcycles, travel, and ... well, lots of stuff.

Read more ...

Blog Search


(Supports AND)

Feed

Subscribe to the RSS feed for this blog.

See this post for info on full versus truncated feeds.

Quote

I don't believe any more than Spinoza did in the utility of denouncing vice, evil, and sin. Why always accuse, why always condemn? That's a sad ethics indeed, for a sad people.

— André Comte-Sponville



Navigation





<September 2024>
SMTWTFS
25262728293031
1234567
891011121314
15161718192021
22232425262728
293012345

Categories

  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  

Contact Me

Email me

Blog Statistics

Dates
First entry - 6/27/2003
Most recent entry - 9/4/2024

Totals
Posts - 2655
Comments - 2677
Hits - 2,691,959

Averages
Entries/day - 0.34
Comments/entry - 1.01
Hits/day - 348

Updated every 30 minutes. Last: 6:56 AM Pacific


  05:03 PM

Someone at Microsoft has posted improved versions of HtmlEncode and UrlEncode in what they call the "Microsoft Anti-Cross Site Scripting Library V1.0." The library includes two methods that are essentially the same as the corresponding methods in HtmlServerUtility:
public static string HtmlEncode(string s);
public static string UrlEncode(string s);
Thus:
String s = Microsoft.Security.Application.AntiXSSLibrary.HtmlEncode(TextBox1.Text);
The difference between the HtmlUtility and the Anti-XSS library versions of the methods is that the former encodes only a specific a set of characters, whereas the new version encodes everything but a specific set of characters. IOW, the former uses a blacklist, the latter a whitelist. In security terms, this means the new version is that much harder to get around.

(All of this information lifted directly from the docs and samples included with the library.)

To use the new library, download the .msi from the download page and run it. The installer puts the library by default at x:\Program Files\microsoft\Anti-Cross Site Scripting Library V1.0. The installation includes some minimal docs, some samples, and an assembly containing the class. The easiest way to use it, probably, is to copy the assembly to the Bin folder of any app where you want to use it. Have a look at the .rtf file in the Documentation folder for a little more information than what's listed here.

Via Mike Gunderloy.

[categories]   ,

[6] |