AntiXSS Library V3.0 - Test Harness

re: AntiXSS Library V3.0 - Test Harness

jeff.williams@owasp.org — Mon, 19 Jan 2009 21:55:41 GMT

I meant to post on this earlier. Performing HTML entity encoding on all of RSnake's attack vectors is just plain silly. You might as well run it on Moby Dick. A better approach would be to actually go through the vectors and apply exactly the right encoding for each context. BTW, does AntiXSS pass these - http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/test/java/org/owasp/esapi/reference/EncoderTest.java?

re: AntiXSS Library V3.0 - Test Harness

Jesper Lind — Tue, 20 Jan 2009 06:19:27 GMT

Can you please let us know how to use the ddl:s on a host with medium trust? We have coded stuff that works great on our local machines, but we have not managed to run this in partial trust.

Yes we have tried to compile it our self with AllowPartiallyTrustedCallers, but it does not work.

Also posted the question here: http://www.codeplex.com/AntiXSS/Thread/View.aspx?ThreadId=44517

AntiXSS Library V3.0 - How to run in partial trust?

Jesper Lind — Sat, 31 Jan 2009 20:23:33 GMT

I really would like to use the AntiXSS but have not yet been able to run it on medium trust. I found some people who also wonder how to do it and nobody have a solution.

I also posted the question on CodePlex some time ago. Any help with this would be great.

http://www.codeplex.com/AntiXSS/Thread/View.aspx?ThreadId=44517

Information Security & Performance

Information Security — Tue, 17 Mar 2009 22:12:44 GMT

Our mission in Information Security is to enable secure & reliable business . In going about our