Update: The FAQ is now up as of today to help answer any initial questions you might have.  Check it out on the main landing page for the librarry at http://msdn2.microsoft.com/en-us/security/aa973814.aspx. 

Update: We'll be posting a Web-facing FAQ shortly (there's already one inside the library documentation) to help answer questions you might have regarding using this library.  Stay tuned!

After what seemed like forever, I am pleased to announced that the ACE and the ASP.NET team have released the Microsoft Anti-Cross Site Scripting Library V1.5.  This library is essentially the same library we use internally (if you've ever heard the name IOSec you'll know what I am talking about) with a few enhancements.  You can find the official release announcement for V1.5 at the ACE Team Blog.  There are way too many people to thank individually so I would just like like to say thank you to the internal and external folks who provided valuable feedback (some nicer than others =P) and support.

We're not done yet!  The next version aims to pack even more functionality and new automation to help you prevent those XSS nasties in a big way and -- as always --along with a few surprises.  Until then, enjoy this version.



Kevin Lam, CISSP

Senior Security Technologist

Microsoft Application Consulting & Engineering (ACE) Team